Experts question North Korea role in WannaCry cyberattack
- Author: Leroy Wright, May 20, 2017, 20:23
Cyber experts are studying similarities between the computer code used in the WannaCry attack and malware distributed by Lazarus, a hacking group behind attacks on Sony Pictures in 2014 that were blamed on North Korea. WannaCry encrypted users' computer files and displayed a message demanding $300 to $600 worth of the digital currency bitcoin to release them; failure to pay would leave the data scrambled and likely beyond repair.
Shadow Brokers tried unsuccessfully the previous year to auction off cyber tools it said were stolen from the NSA.
Choi is one of a number of researchers around the world who have suggested a possible link between the "ransomware" known as WannaCry and hackers linked to North Korea.
The New York Times reports that U.S. government officials have seen the similarities between WannaCry and the weapons employed in previous cyber attacks linked to North Korea, including the Sony hack, an assault on the central bank of Bangladesh a year ago, and an attack on Polish banks in February.
"The similarities we see between malware linked to that group and WannaCry are not unique enough to be strongly suggestive of a common operator", FireEye researcher John Miller said.
Madden said that the North, officially known as the Democratic People's Republic of Korea, if it had a role at all, could instead have been involved by providing parts of the packet used in the attack to another state-sponsored hacking group with which it is in contact.
Though North Korea has never admitted any involvement in the Sony Pictures hack, security researchers and the U.S. government are confident in the theory and neither can rule out the possibility of a false flag. Kaspersky said "further research can be crucial to connecting the dots". They have been interested in stealing large sums of money in the past and have used Bitcoin to collect ransoms, as WannaCry does, but they also tend to be more careful about collecting payments.
Reuters notes that the Chinese Foreign Ministry had no comment on the record about North Korea's possible involvement in the attack, which has done considerable damage in Asian countries, including China.
If the isolated and impoverished communist country is in fact responsible for the latest global cyberattack, the world should work together to determine new ways to respond to cyber threats, such as encouraging China to pull the plug on North Korea's internet.
"We have underestimated North Korea so far, [assuming] since North Korea is poor, it wouldn't have any technologies".
Suffering under increased economic sanctions for its nuclear and ballistic missile programs, it would not be surprising for North Korea to attempt to make up for lost revenue through illicit cyber theft and extortion.
They say that's based on a preliminary investigation and stressed investigators are still following digital clues in the probe.
"We are not aware if payments have led to any data recovery", Bossert said, adding that no U.S. federal government systems had been affected. "Basically they'd have to wait on Bitcoin transactions, store the hacked files and maintain contact with the targets of the attack". PSA Group, Fiat Chrysler, Volkswagen, Daimler, Toyota and Honda said their plants were unaffected.
On the other hand, the WannaCry attack hit - and annoyed - many countries.