Sunday, October 19, 2025

Screen on Fire - 2014 Sony Pictures Attacks and the Era of State Retaliation (November-December 2014)

On November 24, 2014, an intrusive and disruptive attack under the name "Guardians of Peace" (GOP) was discovered against the film company Sony Pictures. Unreleased movies, executive compensation, employee personal information, internal emails, and future production plans were massively leaked, and internal devices were rendered inoperable by wiper-based malware; US-CERT noted a combination of SMB worms, backdoors, data destruction components, etc.

The attackers demanded the cancellation of the screening of the satirical film "The Interview," which was scheduled to be released immediately afterwards, and even sent out a "terror" message to theaters showing the film. Major cinema complexes one after another cancelled screenings of the film, and Sony temporarily announced that it would not release the film. Although the film was later released and distributed on a limited basis, it was a controversial incident in which a private company's freedom of expression was shaken by geopolitical pressure.

The Federal Bureau of Investigation (FBI) officially announced on December 19 that the attack was carried out by the Democratic People's Republic of Korea (North Korea). President Obama also confirmed North Korean involvement at his year-end press conference on the same day, and criticized the decision to suspend the release of the film as a "mistake." As a technical basis, the FBI cited similarities with code used in previous North Korea-linked attacks (e.g., the Bank of Korea in 2013).

The specific contents of the leak, including full copies of unreleased films, actor and crew compensation lists, employee data including social security numbers and health information, and candid internal email correspondence, caused a ripple effect on Hollywood production practices and studio governance. In response to the incidents, the studios proceeded to conduct security audits and review access privileges in parallel.

The Sony case is widely regarded as an APT operation by the Lazarus Group (APT38), which is believed to be under the control of North Korea's General Directorate of Reconnaissance, and the US Department of Justice has indicted individuals for activities in the same vein as the WannaCry and Bangladesh Central Bank cases in later years. The Sony case is treated as a pioneering example of a national retaliatory attack aimed at "deterring expression" that goes beyond monetary objectives.

The background to the current situation is that production data and personal information, which are supposed to be "kept outside the company," are dispersed over a wide area due to the spread of social networking and cloud computing, and corporate networks are a mixture of legacy assets and the latest SaaS. In the midst of geopolitically tense relations between the U.S. and North Korea, the risk of private companies being targeted as a diplomatic card has become apparent. Academic case analysis also positioned this case as a singular point of "political retaliation against private companies."

In sum, this case had the triple impact of (1) a state-sponsored cyber operation involving destruction and blackmail, (2) direct pressure on speech and entertainment, and (3) a large-scale data breach. The company's response since then has been to shift the emphasis to the balance between freedom of expression and safety considerations, supply chain audits, and transparency in incident disclosure.
