Tuesday, December 12, 2017
   
Text Size

Site Search powered by Ajax

Researchers eye possible N Korea link to cyberattacks

Some code in massive WannaCry attack was earlier used in hacking operation linked to Pyongyang.

Cyber security researchers have found technical evidence they said could link North Korea with the global WannaCry "ransomware" cyberattack that has infected more than 300,000 computers in 150 countries since Friday.

Symantec and Kaspersky Lab said on Monday that some code in an earlier version of the WannaCry software had also appeared in programmes used by the Lazarus Group, which researchers from many companies have identified as a North Korea-run hacking operation.

"This is the best clue we have seen to date as to the origins of WannaCry," Kaspersky Lab researcher Kurt Baumgartner told Reuters news agency.


READ MORE: WannaCry: What is ransomware and how to avoid it


Both firms said it was too early to tell whether North Korea was involved in the attacks, based on the evidence that was published on Twitter by Google security researcher Neel Mehta. The attacks, which slowed on Monday, are among the fastest-spreading extortion campaigns on record.

The research will be closely followed by law enforcement agencies around the world, including Washington, where President Donald Trump's homeland security adviser said on Monday that both foreign nations and cyber criminals were possible culprits.

The two security firms said they needed to study the code more and asked for others to help with the analysis. Hackers do reuse code from other operations, so even copied lines fall well short of proof.

US and European security officials told Reuters on condition of anonymity that it was too early to say who might be behind the attacks, but they did not rule out North Korea as a suspect.

FireEye Inc, another large cyber-security firm, said it was also investigating a possible link.

"The similarities we see between malware linked to that group and WannaCry are not unique enough to be strongly suggestive of a common operator," FireEye researcher John Miller said.

The Lazarus hackers, acting for impoverished North Korea, have been more brazen in pursuit of financial gain than others, and have been blamed for the theft of $81m from the Bangladesh central bank, according to some cyber-security firms.


READ MORE: Global hacking attack infects 57,000 computers


The North Korean mission to the United Nations was not immediately available for comment.

Regardless of the source of the attack, investors piled into cyber-security stocks on Monday, betting that governments and corporations will spend more to upgrade their defences.

The perpetrators had raised less than $70,000 from users paying to regain access to their computers, according to Trump homeland security adviser Tom Bossert.

"We are not aware if payments have led to any data recovery," Bossert said, adding no US federal government systems had been affected.

WannaCry demanded ransoms starting at $300, in line with many cyber-extortion campaigns, which keep pricing low so more victims will pay.

Still, some security experts said they were not sure if the motive of WannaCry was primarily to make money, noting that large cyber-extortion campaigns typically generate millions of dollars of revenue.

"I believe that this was spread for the purpose of causing as much damage as possible," said Matthew Hickey, a co-founder of British cyber consulting firm Hacker House.


READ MORE: Global cyberattack alert as experts warn of more havoc


The countries most affected by WannaCry to date are Russia, Taiwan, Ukraine and India, according to Czech security firm Avast.

The number of infections has fallen dramatically since Friday's peak when more than 9,000 computers were being hit per hour. Earlier on Monday, Chinese traffic police and schools reported they had been targeted as the attack rolled into Asia for the new work week, but there were no major disruptions.

Authorities in Europe and the United States turned their attention to preventing hackers from spreading new versions of the virus.


blog comments powered by Disqus

Subscribe via RSS or Email:

Jerusalem: Malaysia army 'ready' to...

Read More

UN, North Korea agree security situ...

Read More

US-South Korea war games start in K...

Read More

'Grave provocation': North Korea co...

Read More

Indonesia spawns one cyclone after ...

Read More

Russia rejects US call to cut ties ...

Read More

Global_News

EU foreign policy chief Federica Mogherini rejects Benjamin Netanyahu's call to recognise Jerusalem as Israel's capital.

Read More

Donation

Thanks to all of our supporters for your generosity and your encouragement of an independent press!

Enter Amount:

Featured_Author

Login






Login reminder Forgot login?

Subscribe to MWC News Alert

Email Address

Subscribe in a reader Facebok page Twitter page

Week in Pictures

From snowfall to sunshine

Palestinians hold 'day of rage'