By Emily Blake
Updated December 18, 2014 at 12:00 PM EST

Weeks after the Sony hacking attack that resulted in the leak of sensitive employee information and private email and most recently prompted the company to cancel the highly contentious The Interview, U.S. investigators are learning more about how the hackers initially gained access to the company’s computers.

Investigators told CNN on Thursday that they have evidence that the hackers stole a system administrator’s credentials, which essentially gave them “keys to the entire building.” It’s one of the pieces of evidence that gives officials reason to believe that the attack was not aided by someone in the company, and further supports their belief that North Korea is responsible for the attacks.

The White House has yet to publicly name the North Korean government as the culprit, but on Wednesday, intelligence officials told the New York Times that they believe the regime to be “centrally involved” in the attack. According to CNN, the government could formally blame North Korea as early as Friday but “haven’t yet decided how to respond to the attack.”

In a press briefing on Thursday, White House press secretary Josh Earnest declined to tie North Korea to the attacks, but said “there is evidence to indicate that we have seen destructive activity with malicious intent that was initiated by a sophisticated actor.”

Sony could not confirm the investigation’s findings to EW.