Multinational technology company Sony has allegedly been the victim of a data breach, with various hacking gangs attempting to take credit for the hack.
The company has said it is investigating the claims made by multiple malicious groups which saw 3.14GB of data allegedly belonging to Sony posted on dark web hacking sites.
Extortion group RansomedVC initially claimed responsibility for the cyber attack, posting on notorious dark web hacking forum BreachForums. The malicious actors posted a 2MB compressed data sample containing, among other assets, some Java source code files, Eclipse IDE screenshots and a PowerPoint presentation. The malicious actors claimed that they had “successfully compromissed [sic] all of Sony systems”. The ransomware gang said they would not ransom the data and instead would be selling it “due to Sony not wanting to pay”.
The gang also told cyber security news site BleepingComputer that they had stolen 260GB during a cyber attack against Sony, and that they were attempting to sell the data for US$2.5 million.
RansomedVC’s claims were refuted, however, by a malicious actor using the alias ‘MajorNelson’. MajorNelson posted to BreachForums, saying: “You journalists believe the ransomware crew for lies. Far too gullible, you should be ashamed.”
MajorNelson also called RansomedVCs “scammers who are just trying to scam you and chase influence”. They then “leaked for free” a sample of the data via a 2.4GB compressed archive containing 3.14GB of Sony’s data.
MajorNelson claimed the stolen data contained, among other things:
- “A lot” of credentials for online systems.
- Creators Cloud.
- Sony’s Certificates.
- A device emulator for generating licenses.
- Qasop security.
- Incident response policies.
It has been observed that the data posted by MajorNelson contained all the files also posted by RansomedVC, so it is unsure which of the malicious actors, if any, are responsible for the data breach. Both claims have not yet been verified.
So far, Sony has not addressed the leak beyond telling several news outlets: “We are currently investigating the situation, and we have no further comment at this time.”