Experts question North Korea role in WannaCry cyber attack

The North is internationally suspected of having committed the ransomware attack as it is believed to have associated with Lazarus Group, which is also suspected of hacking into South Korean banks in 2013, Sony Pictures in 2014 and Bangladesh's central bank in February.

Experts said that has left millions of Chinese computers without security support and made China among countries most affected by the WannaCry "ransomware" attack, which has hit more than 150 countries.

Investigators said the attack was not meant to extort money, as most ransomware attacks do.

"Our researchers analysed this information, identified and confirmed clear code similarities between the malware sample highlighted by the Google researcher and the malware samples used by the "Lazarus Group" in 2015 attacks", Altaf Halde, Managing Director of Kaspersky Lab (South Asia), told IANS.

He claimed to have past year tracked down an elite North Korean hacker who boasted online that the country was conducting tests for ransomware attacks.

Who is behind the huge WannaCry ransomware attack?

American cybersecurity firm Symantec also said that it found a code used in the malware that "historically was unique to Lazarus tools", but it didn't speculate on North Korea's role in the attack.

Security researchers and USA intelligence officials have cautioned that such evidence is not conclusive, and the investigation is in its early stages.

A new campaign to mine the same currency, using the same Windows weakness as WannaCry, could be coincidence, or it could suggest that North Korea was responsible for both the ransomware and the currency mining. Kaspersky noted that false flags within "WannaCrypt" were "possible" but "improbable", as the shared code was removed from later versions. Another researcher, Comae Technologies' Matthieu Suiche, corroborated the findings.

Investigators said they had detected code similar to that used by a shadowy cybercrime network implicated in the Sony attack, the Lazarus Group, though they stressed that more investigation was necessary.

Microsoft said on Tuesday it was aware of Shadow Brokers' most recent claim and that its security teams monitor potential threats in order to "help us prioritize and take appropriate action". While these connections exist, they so far only represent weak connections.

  • Zachary Reyes