Suspicion: Massive cyber attack caused by North Korea

James Marshall
May 19, 2017

"We should never underestimate it", Choi said.

WannaCry borrows code from attacks orchestrated by the Lazarus Group, a shadowy hacker collective believed to be responsible for the Sony Pictures Entertainment hack in 2014, the Bangladesh central bank hack in 2016 and the Polish bank hacks in February.

He claimed to have past year tracked down an elite North Korean hacker who boasted online that the country was conducting tests for ransomware attacks.

"As South Korea's diplomatic situation matures, North Korea should also show a more mature attitude, not a childish one, and contribute to (establishing a better) diplomatic relationship".

North Korea has denied being behind the Sony and banking attacks.

Rob Bertholee, the cyber spy chief in the Netherlands, where the Europol is based, said North Korea could be a major culprit, adding that Pyongyang had always been among certain countries to order such acts of sabotage.

Cybersecurity researchers on Tuesday said they have found evidence [Kapersky Lab report] that could link North Korea to the recent cyberattack that affected 300,000 computers in 150 countries over the weekend.

Researchers from global cyber security company Kaspersky Lab, whose European headquarters is in London, identified clear code similarities between the WannaCry virus and attacks by Lazarus in 2015.

He found that computer code used in an early version of WannaCry matched code used by the Lazarus group, which has been tied to the North Korean government.

Shadow Brokers, the group that has taken credit for that leak, threatened on Tuesday to release more recent code to enable hackers to break into the world's most widely used computers, software and phones.

Forensics, though, will only get investigators so far. They might be hiding out in countries that wouldn't be willing to extradite suspects for prosecution, said Robert Cattanach, a former U.S. Justice Department attorney and an expert on cybersecurity.

The WannaCry/WannaCrypt ransomware attack has hit businesses and individuals hard.

South Korea was mostly spared from the latest ransomware attack, partly because the constant threats have made the government and companies careful about always updating their software.

Other reports by Click Lancashire

Discuss This Article