Date
23 September 2017
An advertisement about a cybercrime center plays behind a window reflecting a nearby building at the Microsoft office in Cambridge, Massachusetts. Photo: Reuters

Experts examine possible N Korea link to global cyber-attack

Internet security experts have found technical clues that could link North Korea with the WannaCry “ransomware” cyber-attack that has infected computers across the world since Friday, Reuters reports.

Symantec and Kaspersky Lab said on Monday some code in an earlier version of the WannaCry software had also appeared in programs used by the Lazarus Group, which researchers from many firms have identified as a North Korea-run hacking operation.

“This is the best clue we have seen to date as to the origins of WannaCry,” Kaspersky Lab researcher Kurt Baumgartner told Reuters.

Both firms said it is too early to tell whether North Korea was involved in the attacks, which slowed to a crawl on Monday but have already become one of the fastest-spreading extortion campaigns on record.

The companies said they need to study the code more, and asked for others to help with the analysis. 

US and European security officials told Reuters on condition of anonymity that it was still too early to say who might be behind the attacks, but they did not rule out North Korea as a suspect.

The Lazarus hackers, acting for North Korea, have been more brazen in pursuit of financial gain than others, and have been blamed for the theft of US$81 million from a Bangladesh bank.

In the latest attack, perpetrators had raised less than US$70,000 from users looking to regain access to their computers, according to Trump homeland security adviser Tom Bossert.

“We are not aware if payments have led to any data recovery,” Bossert said, adding that no federal government systems had been affected.

Some private sector cyber-security experts said they were not sure if the motive of the attack was primarily to make money, noting that most large ransomware and other types of cyber extortion campaigns pull in millions of dollars of revenue.

“I believe that this was spread for the purpose of causing as much damage as possible,” Matthew Hickey, co-founder of British cyber-consulting firm Hacker House, told Reuters.

The countries most affected by WannaCry to date are Russia, Taiwan, Ukraine and India, according to Czech security firm Avast.

RC