Published: Thu, May 25, 2017
Tech | By Constance Martin

North Korea hackers' link to WannaCry ransomware attack 'highly likely'


Symantec's researchers have uncovered a potential link between the WannaCry ransomware worm, which hit systems just over a week ago, and code used by the Lazarus Group, the hackers who attacked Sony in 2015, were behind the $81M theft from the Bangladesh Central Bank, and are believed to be based in North Korea.

Researchers have found more digital fingerprints tying this month's WCry ransomware worm to the same prolific hacking group that attacked Sony Pictures in 2014 and the Bangladesh Central Bank a year ago.

Claims by Symantec earlier this week that the WannaCry ransomware is the work of a North Korean group called Lazarus have been labelled "premature, inconclusive and distracting" by the Institute for Critical Infrastructure Technology (ICIT).

Furthermore, fingerprints linked Lazarus Group to hacks that wiped nearly a terabyte of data from Sony Pictures and also siphoned a reported $81 million from the Bangladesh Central Bank last year.

Cybersecurity company Kaspersky has said it found several similarities between the WannaCry malware from the earlier attack and malware used by Lazarus.

Security research firm Symantec disclosed findings Monday that drew even stronger links between Lazarus Group and the WannaCry attack, including "substantial commonalities" in the tools, techniques and infrastructure used by the WannaCry attackers and those seen in previous Lazarus attacks.

Some computer security experts have said it is too soon to accuse North Korea, and North Korean officials have denied involvement.


Trojan.Alphanc, which was used to spread WCry in attacks that took place in March and April, is a modified version of Backdoor.Duuzer, which has previously been linked to Lazarus.

Symantec said it discovered multiple instances of code from the Sony Pictures hack in early versions of WannaCry.

Hackers have been trying to restart the WannaCry attack by targeting the domain that acted as a kill-switch and was set up by a 22-year-old British security researcher, who goes by MalwareTech online. The WannaCry ransomware drew national headlines after it infected tens of thousands of computers in dozens of countries within a matter of hours.

The latest version of WannaCry incorporated a leaked exploit known as "EternalBlue", which leverages two known Microsoft vulnerabilities to spread the ransomware to unpatched computers connected to a shared, infected network.

"None of us are North Korean operators, and thus don't think like North Korean operators", he said.

More than a week after the massive WannaCry ransomware attack hobbled computer systems around the world, security experts continue to assess the damage and keep watch for new outbreaks.

Seoul internet security firm Hauri, known for its vast troves of data on Pyongyang's hacking activities, has been warning of ransomware attacks since last year.

While it's possible Lazarus thought they could make a lot of money with WannaCry, "they totally botched it up and got nearly nothing", Thakur said.
