Sony Pictures has had a rough few weeks, the hacking group going by the name of #GOP managed to infiltrate Sony’s system, shut it down for over a week and steal all 10TB of information. Even though the FBI and security experts still cannot pinpoint the attacker, new developments claim the attack was sent out from St. Regis hotel in Bangkok, Thailand.

Sources claim the attack came from the hotel’s WiFi, but it is unclear if the attacker was staying at the hotel or just in the lobby. Using a public WiFi connection disguised a lot of the information experts can trace. The hacking group has already uploaded most of the relevant information from Sony Pictures onto the Internet. The leak included social security numbers, actors wages, business contracts, passwords, visas and even unreleased film.

Sony logo

It appears the hacking group did want money, asking for a ransom from Sony Pictures three days before the attack. The hackers had already managed to breach the system—possible due to internal help—and were readying the shut-down. Most of the emails and interviews conducted by the hackers shows broken English. Security experts claim most of the encoded hack was written in Korean, leading some to believe North Korea was behind the attack.

North Korea had previously sent a warning to Sony Pictures, claiming the new film “The Interview” was an act of war. The hacking group also changed the narrative in an update last week, siding with North Korea and telling Sony to destroy the film.

It is unclear who the hackers are and what country they originate from. It is highly likely they are state-funded due to the severity of the attack, showing the capabilities of the hacking group to avoid security experts and destroy a whole system. The FBI claims this is one of the largest hacks in history and warned U.S. companies of the threat last week. Some Sony Pictures employees are preparing to sue the organization, due to their social security numbers going public.