Sony Pictures Entertainment (SPE)

In November 2014, Sony Pictures Entertainment (SPE) became a victim of a malicious cyberattack in retaliation for the movie 'The Interview,' a comedy depicting the assassination of North Korea's leader. The attackers, identified as part of the Lazarus Group, linked to North Korea, gained access to SPE's network by deploying malware to SPE employees. This disruptive cyberattack led to the theft of confidential data, threatened SPE executives and employees, and caused extensive damage to thousands of computers. The attack not only targeted SPE but also sent spear-phishing messages to other entities in the entertainment industry. The aggressive nature and scope of this cyberattack underscore the vulnerabilities faced by the entertainment industry to politically motivated cyberthreats, resulting in significant financial losses, operational disruptions, and the suppression of creative and free expression.

Source: https://www.justice.gov/opa/pr/north-korean-regime-backed-programmer-charged-conspiracy-conduct-multiple-cyber-attacks-and

TPRM report: https://scoringcyber.rankiteo.com/company/sony-pictures-entertainment

"id": "son312050624",
"linkid": "sony-pictures-entertainment",
"type": "Vulnerability",
"date": "06/2018",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"

{'affected_entities': [{'industry': 'Entertainment',
                        'name': 'Sony Pictures Entertainment',
                        'type': 'Entertainment Company'}],
 'attack_vector': 'Malware',
 'data_breach': {'type_of_data_compromised': 'Confidential data'},
 'date_detected': 'November 2014',
 'description': 'In November 2014, Sony Pictures Entertainment (SPE) became a '
                'victim of a malicious cyberattack in retaliation for the '
                "movie 'The Interview,' a comedy depicting the assassination "
                "of North Korea's leader. The attackers, identified as part of "
                'the Lazarus Group, linked to North Korea, gained access to '
                "SPE's network by deploying malware to SPE employees. This "
                'disruptive cyberattack led to the theft of confidential data, '
                'threatened SPE executives and employees, and caused extensive '
                'damage to thousands of computers. The attack not only '
                'targeted SPE but also sent spear-phishing messages to other '
                'entities in the entertainment industry. The aggressive nature '
                'and scope of this cyberattack underscore the vulnerabilities '
                'faced by the entertainment industry to politically motivated '
                'cyberthreats, resulting in significant financial losses, '
                'operational disruptions, and the suppression of creative and '
                'free expression.',
 'impact': {'data_compromised': 'Confidential data',
            'operational_impact': 'Significant operational disruptions',
            'systems_affected': 'Thousands of computers'},
 'initial_access_broker': {'entry_point': 'Malware deployed to SPE employees'},
 'motivation': 'Political',
 'threat_actor': 'Lazarus Group',
 'title': 'Sony Pictures Entertainment Cyberattack',
 'type': 'Cyberattack'}