Want to cry? The Debt Of Pyongyang.
It is “very likely” that the WannaCry cybersecurity attack that infected more than 300,000 computers around the world this month was the handiwork of a hacking group linked to North Korea, Symantec Corp, the Silicon Valley-based cybersecurity company, wrote in a blog post on Monday.
The hackers seem to be from the group known as Lazarus, which is known to have direct ties with the North Korean government. Symantec has found multiple instances of the code in WannaCry that Lazarus has used in the past, also in the 2014 attack on Sony Pictures Entertainment. The US has accused North Korea of being behind the Sony attack.
Symantec listed numerous links between Lazarus and the software of the WannaCry hackers behind a less violent version of the malware in February, including the software used to erase disks in the Sony attack.
CAN ARTIFICIAL INTELLIGENCE HELP THWART RANSOMWARE?
“Our confidence is very high that this is the work of people associated with the Lazarus Group, because they had the source code access,” Vikram Thakur, Symantec security response technical director, told Reuters.
But he said that it was unlikely that the hackers were working for North Korea this time. The operation was undisciplined, which suggests that the hackers may be moonlighting or working as contractors.
“The intelligence of the community will probably take away that there is a possibility of splinters in the Lazarus Group, or members who are interested in filling their own pockets, and that could help,” Thakur said.
WannaCry used a flaw in Microsoft’s Windows operating system and a program of the U.S. National Security Agency developed to take advantage of it. The malware surfaced on May 12, and disrupted hospitals, banks and schools all over the world.
North Korea on Monday dismissed earlier accusations that it was behind WannaCry, calls them “a dirty and despicable smear campaign.”