Federal cyber-security sources close to the investigation have confirmed to ABC News that there is evidence to indicate the Sony intrusion was routed through a number of infected computers in various locations overseas, including computers in Singapore, Thailand, Italy, Bolivia, Poland and Cyprus.
The primary suspects are members of an elite North Korean cyber-security unit known as "Bureau 121," the sources also confirmed today. But authorities have not ruled out that it could be an insider cooperating with some groups with a grudge against Sony, or an insider who helped the North Koreans.
However, the theory that the North Koreans are not involved and are just being used as cover is running far behind, one source said, because the tactics being used here are so "over the top." Authorities have yet to see such a far-reaching and punishing hack -- including the destruction of files, making public not only corporate but personal medical files, and now the threat of violence against theaters. The thinking is that even rivals or enemies of Sony would not go quite that far, sources said.
Law enforcement officials believe that group was also responsible for a malicious gaming app that infected thousands of smartphones in South Korea last fall, and an earlier attack on broadcasters and banks in that same country.
Some of the techniques and language used in the Sony hacking are similar to those used in these previous attacks in South Korea, sources said.