> series: anatomy_of_a_breach —— part: 071 —— target: sony_pictures —— attacker: north_korea —— method: destruction_theft_extortion
On 24 November 2014, employees at Sony Pictures Entertainment arrived at work to find their computers displaying a red skeleton and a message from the 'Guardians of Peace' (GOP) claiming to have stolen the company's entire data archive. Within hours, it became clear the threat was real: the attackers had deployed wiper malware that destroyed data on Sony's servers and workstations, leaked five unreleased Sony films to file-sharing networks, and began publishing tranches of confidential corporate data including tens of thousands of internal emails, employee Social Security numbers, salary data, medical records, and executive communications.
The FBI attributed the attack to North Korea's Reconnaissance General Bureau, stating that the attack was retaliation for Sony's planned release of 'The Interview' — a comedy depicting the fictional assassination of North Korean leader Kim Jong-un. The attackers subsequently issued threats of violence against cinemas that screened the film, leading major cinema chains to refuse to show it and Sony to cancel the theatrical release (later reversed for a limited release and online distribution). President Obama described the attack as 'cyber vandalism' and the US imposed additional sanctions on North Korea.
The Sony Pictures attack combined three distinct threat categories — data destruction (wiper malware), data theft and public exposure (leaking films, emails, and personal data), and physical intimidation (threats against cinemas) — into a single campaign. This represented an escalation beyond the Shamoon attack on Saudi Aramco (2012), which was purely destructive. North Korea demonstrated that nation-state attackers can simultaneously destroy your infrastructure, weaponise your data, and threaten your physical safety.
The Sony Pictures attack demonstrated that nation-state adversaries can and will target private companies for political reasons — and that the resulting attack can combine destruction, data theft, and physical intimidation in ways that exceed what most organisations' security programmes are designed to withstand. The defence requires not just technical controls but resilience planning: how does your organisation operate when its network is destroyed? How does it respond when its confidential communications are published? How does it manage physical security threats?
Our red team engagements simulate advanced adversary techniques including destructive scenarios. Infrastructure testing validates backup and recovery procedures. Cyber Essentials establishes baseline controls. SOC in a Box provides 24/7 monitoring that detects data exfiltration and wiper deployment before the damage is complete. And UK Cyber Defence provides the crisis management, forensic investigation, and incident response capability when a destructive attack occurs.