Experts Believe North Korea May Be Responsible For Global Cyber Attack

Cyber experts are studying similarities between the computer code used in the WannaCry attack with malware distributed by Lazarus, a hacking group behind attacks on Sony Pictures in 2014 that was blamed on North Korea.

"It is similar to North Korea's backdoor malicious codes", said Choi. It has been mining the digital currency using malicious computer programmes since as early as 2013, he said.

In the attack, hackers demand payment from victims in bitcoins to regain access to their encrypted computers.

The latest attack was widespread, forcing the shut-down of hospitals and other businesses around the world.

Governments turned their attention to a possible new wave of cyber threats on Tuesday after the group that leaked USA hacking tools used to launch the global WannaCry "ransomware" attack warned it would release more malicious code.

The evidence is far from conclusive, however. There are reports suggesting that the Lazarus Group works outside China but on behalf of North Korea, notes the BBC. It encrypted users' computer files and displayed a message demanding $300 to $600 worth of the digital currency bitcoin to release them; failure to pay would leave the data scrambled and likely beyond fix.

It also threatened to dump data from banks using the SWIFT worldwide money transfer network and from Russian, Chinese, Iranian or North Korean nuclear and missile programs. The worm quickly scanned computers with vulnerability, in this case the older versions of Microsoft Windows, and used those computers as hackers' command and control centres.

Identifying hackers behind sophisticated attacks is a notoriously hard task, and proving they are acting under the explicit orders of a nation state is even trickier.

Who is behind the huge WannaCry ransomware attack?

On an online messenger system, Choi told Reuters, "He said he and his colleagues were running tests for ransomware attacks".

Some believe the actually responsible for the cyberattack.

"On ransomware, since March, the government of India has been on high alert". While these connections exist, they so far only represent weak connections.

North Korea has never admitted any involvement in the Sony Pictures hack - and while security researchers, and the USA government, have confidence in the theory, neither can rule out the possibility of a false flag, it said.

Most experts noted it was still too early to determine whether North Korea was involved in the attacks that paralyzed the NHS on Friday and became one of the fastest-spreading extortion campaigns ever recorded.

"I think we might have a very capable adversary in North Korea as well", said Bertholee.

"This was not a tool developed by the NSA to hold ransom data", he said, noting that no USA government systems had been hit.

  • Arturo Norris