'Strong Links' Tie North Korea to Ransomware Attacks: Symantec

Symantec, the world's largest cyber intelligence company, said that the ransomware bore numerous hallmarks and fingerprints of other Lazarus attacks that wiped nearly a terabyte of data from Sony Pictures and also siphoned a reported $81 million from Bangladesh's central bank last year.

Lazarus has been linked to the hack on Sony Pictures, for which the US government blamed North Korea, and a wave of attacks on banks around the world, including a major theft from Bangladesh's central bank.

At the same time, flaws in the WannaCry code, its wide spread, and its demands for payment in the electronic bitcoin before files are decrypted suggest that the hackers were not working for North Korean government objectives in this case, said Vikram Thakur, Symantec's security response technical director.

FireEye on Tuesday agreed WannaCry shared unique code with malware previously linked to North Korea.

Kaspersky Lab warned that the repetition of code and attack infrastructure from other operations attributed to the Lazarus Group could have been meant to mislead investigators.

The company also said, "Despite the links to Lazarus, the Wanna Cry attacks do not bear the hallmarks of a nation-state campaign but are more typical of a cybercrime campaign".

The security researcher further points out that the Lazarus group is known for targeted, sophisticated attacks using tailored malware, and that it is unlikely that they will "launch a global campaign dependent on barely functional ransomware". US authorities have accused North Korea of being responsible for the Sony Pictures hack, which it has so far denied.

In a warning email sent to United Nations officials and the Security Council's North Korea sanctions committee, also known as the 1718 committee, the panel chair described the hack attack as part of a "sustained cyber campaign", according to Reuters, which has seen the document. This earlier version was nearly identical to the version used in May 2017, the only difference being the method of propagation.

Researchers at Symantec found multiple instances of code reuse from earlier versions of WannaCry and Lazarus' previous attacks.

However, the WannaCry attack may not have been orchestrated by the North Korean government, the report says.

Symantec claims the attacks "show strong links to Lazarus group". After the first WannaCry attack occurred in February, Symantec discovered three pieces of malware in the victim's network: Trojan.Volgmer along with two variants of Backdoor.Destover, disk-wiping software used in the Sony Pictures hack.

The hacking group widely blamed for breaching Sony Pictures in 2014 was "highly likely" behind the unprecedented WannaCry ransomware attack responsible for crippling computer systems around the world this month, a leading American cybersecurity firm said Monday.

  • Douglas Reid