Security researchers: North Korea possible source of WannaCry cyber attack

Computer researchers say strong circumstantial evidence points to North Korean involvement in the recent WannaCry cyber attack.

Researchers have said that some of the code used in Friday's ransomware, known as WannaCry, was almost identical to code used by the Lazarus Group, a group of North Korean hackers who used a similar version for the hack of Sony Pictures Entertainment in 2014 and last year's hack of Bangladesh Central Bank.

The attacks, which slowed on Monday, are among the fastest-spreading extortion campaigns on record.

Neel Mehta, a security researcher at Google, first pointed out and posted the evidence: similar code used by the hackers behind the WannaCry attack and by the Lazarus Group, which was behind the Sony Wiper attack, the $81 million Bangladesh central bank heist, and the DarkSeoul operation. WannaCry also includes software that was stolen from the US National Security Agency and illegally published online in April.

The code, published on Twitter, is exclusive to North Korean hackers, researchers said.

Shadow Brokers, the group that has taken credit for that leak, threatened on May 16 to release more recent code to enable hackers to break into the world's most widely used computers, software and phones.

"Neel Mehta's discovery is the most significant clue to date regarding the origins of WannaCry", said Russian security firm Kaspersky, but noted a lot more information was needed on earlier versions of WannaCry before a conclusion could be reached.

"The similarities we see between malware linked to that group and WannaCry are not unique enough to be strongly suggestive of a common operator", FireEye researcher John Miller said. The United States accused it of being behind a cyber attack on Sony Pictures in 2014.

To the editor: The objective of the recent ransomware attack that appears to have emanated from North Korea was clearly not to extort a few thousand dollars from the victims.

Lazarus is believed to operate from China for North Korea.

Several Asian countries have been affected by the malware, although the impact has not been as widespread as some had feared.

A global manhunt was underway as private-sector researchers and government investigators alike tried to stamp out new versions of WannaCry while scouring for clues pointing to the authors of the original virus, who are "potentially criminals or foreign nation-states", said Tom Bossert, President Donald Trump's homeland security adviser. It did not name any of the entities. "We should never underestimate it", Choi said.

"The real situation may be serious".

More than 200,000 computers were crippled worldwide, the paper said, citing the European Police Office.

Taiwan Power Co said that almost 800 of its computers were affected, although these were used for administration, not for systems involved in electricity generation.