On Monday, cybersecurity firm Symantec said that a group affiliated with North Korea probably conducted the recent “WannaCry” ransomware attack. The cyber-attack affected over 300,000 computers from about 150 countries in the entire world. It caused chaos in hospitals, banks and many other institutions all over the globe.
Symantec points fingers
The researchers from Symantec said that they discovered proof of the same code being used in this attack and also in previous ones from this North-linked group. Also, on earlier versions of the “WannaCry” ransomware one. Moreover, hackers installed an early version of this attack on two computers to communicate with the tool which destroyed some files at Sony Pictures Entertainment. Very striking is the fact that they used the same internet connection on both cases. Back in 2014, many private companies and the United States government have accused North Korea of that attack on Sony.
North Korea has repeatedly denied any involvement in those attacks. On Monday, it even said that what is happening is a “dirty smear campaign”. Many know the hacking group behind the Sony attack as Lazarus. It is worth noting that Symantec does not blame governments for cyber campaigns. However, this time, they did not deny the idea that Lazarus might be working with North Korea. In a post on their blog, Symantec detailed all the tracks which the group has left behind after launching the early, less dangerous version of the “WannaCry” attack. That happened back in February. However, Vikram Thakur, Symantec’s security response technical director said that there are some clues which might mean that the group was not working for the North in this case. For example, the flaws in the attack, the fact that it was widespread, and the demands for payment in bitcoin.
Is North Korea involved?
Thakur also said that clearly Lazarus conducted this attack. However, it was clumsy and most probably, they did not do it in the benefit of North Korea. A possibility is that the members of the group simply wanted to make money. They did not have an affiliation with any government and they did not have to respond to anyone. Kaspersky is another cybersecurity company which said that it found similarities between Lazarus’ and this ransomware attack.
Image source: pixabay