US cybersecurity experts say they have solid evidence that a former employee helped hack Sony Pictures Entertainment’s computer system — and that it was not masterminded by North Korean cyberterrorists.

One leading cybersecurity firm, Norse Corp., said Monday it has narrowed its list of suspects to a group of six people — including at least one Sony veteran with the necessary technical background to carry out the attack, according to reports.

The investigation of the Sony hacking by the private companies stands in stark contrast to the finding of the FBI, which said Dec. 19 its probe traced the hacking — which ended up foiling the planned wide release of the Hollywood studio’s “The Interview” — to North Korea.

Kurt Stammberger, senior vice president at Norse, said he used Sony’s leaked human-resources documents and cross-referenced the data with communications on hacker chat rooms and its own network of Web sensors to determine it was not North Korea behind the hack.

“When the FBI made this announcement, just a few days after the attack was made public, it raised eyebrows in the community because it’s hard to do that kind of an attribution that quickly — it’s almost unheard of,” Stammberger told Bloomberg News in a telephone interview from San Francisco.

“All the leads that we did turn up that had a Korean connection turned out to be dead ends,” he said.

The information found by Norse points to collaboration between an employee or employees terminated in a May restructuring and hackers involved in distributing pirated movies online that have been pursued by Sony, Stammberger told Bloomberg.

The initial demands by the group calling itself Guardians of Peace were extortion, rather than pulling the movie from release, he said.

Stammberger and his team at Norse, which have been looking into the hack since just before Thanksgiving, briefed the FBI on Monday about their findings, according to a separate report.

Stammberger said after the meeting that the FBI was “very open and grateful for our data and assistance” but didn’t share any of its data with Norse, although that was what the company expected, according to the second report, from Politico.com.

The FBI said Monday it is standing behind its assessment, adding that evidence doesn’t support any other explanations.

“The FBI has concluded the Government of North Korea is responsible for the theft and destruction of data on the network of Sony Pictures Entertainment. Attribution to North Korea is based on intelligence from the FBI, the U.S. intelligence community, DHS, foreign partners and the private sector,” a spokeswoman said in a statement, according to Politico. “There is no credible information to indicate that any other individual is responsible for this cyber incident.”

The attackers released private emails, employee salaries and health records of some A-list movie stars.

They’ve been silent since Dec. 16, even as Sony reversed its decision to cancel the release of “The Interview” — a movie that depicts a couple of bumbling Americans recruited by the CIA to assassinate North Korean ruler Kim Jong-un.

While the virus used to attack Sony’s computers was coded in a Korean language environment and is similar to the one that struck South Korean banks and media companies in 2013, that’s not enough to link it to North Korea, Trend Micro, a developer of security software, found, according to Bloomberg.

The malware is available on the black market and can be used without a high level of technical sophistication, according to Trend Micro’s Tokyo-based security evangelist Masayoshi Someya.

It was customized for the company, targeting specific anti-virus software, he said.

“A lot of malware is kind of like a Roomba — it shuffles around the computer network, bumps into furniture and goes in spirals and looks for things kind of randomly,” Stammberger told Bloomberg. “This was much more like a cruise missile.

‘‘This malware had specific server addresses, user IDs, passwords and credentials, it had certificates. This stuff was incredibly targeted. That is a very strong signal that an insider was involved.’’

In addition to Norse’s analysis of Internet forums where perpetrators may have communicated and compiled dates within the malware used, a report from firm Taia Global said a linguistic analysis of the purported hacker messages points to Russian speakers rather than Korean, Politico reported.

CloudFlare principal researcher and DefCon official Marc Rogers wrote that the FBI’s indicators seem to rely on malware that is widely available for purchase and IP addresses easily hijacked by any bad guy, Politico reported.

Errata Security’s Robert Graham also noted to Politico that the hacker underground shares plenty of code, calling the FBI’s evidence “nonsense.”

While there is plenty of doubt about the FBI’s finding, cybersecurity experts said Monday there is a slight chance the feds are correct.

The FBI could have other intelligence that points directly at North Korea — evidence the private companies don’t have and that the FBI is choosing not to release.

Stammberger told Politico that if there is more information out there, it should be released to private cybersecurity firms that are also investigating the attack.