CNN is reporting that whoever hacked Sony Pictures Entertainment did so by stealing credentials from a systems administrator. It's currently citing unnamed US investigators as their source. CNN's sources also claim that the stolen credentials are what led them to conclude that this was not an "inside job" by some employee at Sony who was paid off or disgruntled.
NBC News is also reporting that the attack reportedly came from within North Korean territory and was routed to make it look like the hack was coming from Taiwan. A hotel in Taiwan was cited early on as a possible source.
The report also claims the Obama administration is currently involved in high-level meetings about how to respond and might announce as early as Friday what next steps might be taken. Past cyberattacks by Chinese groups have involved lawsuits. It's unclear whether the US government would be involved in suing North Korea, should they decide to go that route.
The stolen credentials are apparently what led US investigators to conclude that North Korea was most likely involved in the attack.