By Ryan Pickrell
The WannaCry ransomware attack that wreaked havoc on computer systems around the world over the past few days may be the handiwork of North Korea, some early clues suggest.
Google security researcher Neel Mehta sent out a tweet Monday linking two samples of malicious code: One from an early version of WannaCry and the other from the Lazarus Group, a collection of cybercriminals reportedly affiliated with North Korea.
Lazarus launched an attack on the Bangladesh central bank’s account at the Federal Reserve Bank of New York from an IP address in North Korea, according to Kaspersky Lab. The hackers stole $81 million. Lazarus has been active for years, but it wasn’t until recently that researchers discovered a connection to North Korea. The Lazarus Group is also reportedly behind the infamous Sony hack, as well as a breach at a Polish bank.
Kaspersky called Mehta’s discovery “the most significant clue to date regarding the origins of WannaCry.” Acknowledging that more research is required, the director of the global research and analysis team at Kaspersky Lab, Costin Raiu, told Forbes that Mehta “might have found the WannaCry Rosetta Stone.”
The code used in the ransomware attack is noticeably uncommon and has only been used by cybercriminals with ties to North Korea, reports the New York Times.
“At this time, all we have is a temporal link,” Eric Chien, a Symantec investigator, told the Times. “We want to see more coding similarities to give us more confidence.”
Simon Choi, a director at South Korean anti-virus software company Hauri Inc. who has analyzed North Korean malware, noted that the demand for victims of the WannaCry attack to pay the ransom in bitcoins is reminiscent of North Korean tactics. He explained to Bloomberg News that North Korea has been mining the digital currency since 2013 using malicious programs.
Choi said that he unintentionally contacted a North Korean hacker last year, stumbling onto a plot to develop a type of ransomware. He immediately notified South Korean authorities.
The evidence suggesting that North Korea may be behind the latest attacks is tenuous, but it is the first real lead regarding the origins of the WannaCry attack that plagued hundreds of thousands of computers worldwide.