Possible North Korea link to ransom wave revealed
19 May, 2017
Cyber security researchers have found technical evidence they said could link North Korea with the global WannaCry ransomware. Symantec and Kaspersky Lab announced last Monday that some code in an earlier version of the WannaCry software had also appeared in programs used by the Lazarus Group, which researchers from many companies have identified as a North Korea-run hacking operation. “This is the best clue we have seen to date as to the origins of WannaCry,” Kaspersky Lab researcher Kurt Baumgartner told Reuters.
Both firms said it was too early to tell whether North Korea was directly involved in the attacks. The two security firms said they needed to study the code more and asked for others to help with the analysis. Hackers do reuse code from other operations, so even copied lines fall well short of proof. FireEye Inc, another large cyber security firm, said it was also investigating a possible link. “The similarities we see between malware linked to that group and WannaCry are not unique enough to be strongly suggestive of a common operator,” researcher John Miller said.
US and European security officials told Reuters on condition of anonymity that it was too early to say who might be behind the attacks, but they did not rule out North Korea as a suspect. The Lazarus hackers, acting for impoverished North Korea, have been more brazen in pursuit of financial gain than others, and have been blamed for the theft of $81m from the Bangladesh central bank, according to some cyber security firms.