North Korea’s possible ties to the devastating “Wanna Cry” ransomware virus
Several investigations and police reports suggest that North Korea could be involved in the recent series of devastating computer virus attacks that hit numerous countries during the past weekend.
Anti-virus companies Symantec and Kaspersky claim that technical clues are leading them back to the North Korea-linked Lazarus group. The group has already been blamed for a string of hacks dating back to 2009, including the Sony Pictures Entertainment hack in 2014. Researchers from Kaspersky laboratories said: “We believe this might hold the key to solve some of the mysteries around this attack. We believe it’s important that other researchers around the world investigate these similarities and attempt to discover more facts about the origin of Wannacry.”
The volatile “Wanna Cry” virus struck numerous countries in the last couple of days, causing damage to more than 300,000 computers and networks around the world. Authorities and agencies from all over the globe scrambled to identify and locate the perpetrators behind the attack, but to no avail. However, with new evidence and clues uncovered by Symantec and Kaspersky, police forces may be able to locate the origin of the virus, and thus identify the suspects.
A researcher from South Korea’s Hauri Labs said on Tuesday their own findings matched those of Symantec and Kaspersky Lab, who said on Monday that some code in an earlier version of the WannaCry software had also appeared in programs used by the Lazarus Group, identified by some researchers as a North Korea-run hacking operation.
“It is similar to North Korea’s backdoor malicious codes,” said Simon Choi, a senior researcher with Hauri who has done extensive research into North Korea’s hacking capabilities and advises South Korean police and the National Intelligence Service.
Both Symantec and Kaspersky said it was too early to tell whether North Korea was involved in the attacks, based on the evidence that was published on Twitter by Google security researcher Neel Mehta. The attacks, which slowed on Monday, are among the fastest-spreading extortion campaigns on record.
Damage in Asia, however, has been limited, which also adds to the suspicion that North Korea could be behind it, since it usually targets Western countries. Vietnam’s state media said on Tuesday more than 200 computers had been affected. Taiwan Power Co. said that nearly 800 of its computers were affected.
The Lazarus hackers, employed by the North Korean authorities, have been more brazen in their pursuit of financial gain than others, and have been blamed for the theft of $81 million from the Bangladesh central bank, according to some cyber security firms. The United States accused the group of being behind a cyber attack on Sony Pictures in 2014.
There were rumors that Russian hackers or even intelligence agencies could be behind the attacks. But these were dismissed and debunked by Russian President Vladimir Putin himself, who blamed the USA and its security agencies for creating operating systems with numerous vulnerabilities.