North America

NKorea likely behind ransomware attacks

Cyber security experts have found a link between code used by a North Korean group and that which appeared in early versions of the WannaCry ransomware.

Cyber security firm Symantec says it's "highly likely" a hacking group affiliated with North Korea was behind the WannaCry cyber attack this month that infected more than 300,000 computers worldwide and disrupted hospitals, banks and schools across the globe.

Symantec researchers say they've found multiple instances of code that had been used both in the North Korea-linked group's previous activity and in early versions of WannaCry.

In addition, the same Internet connection was used to install an early version of WannaCry on two computers and to communicate with a tool that destroyed files at Sony Pictures Entertainment. The US government and private companies have accused North Korea in the 2014 Sony attack.

North Korea has routinely denied any such role. On Monday, it called earlier reports that it might have been behind the WannaCry attack "a dirty and despicable smear campaign."

Lazarus is the name many security companies have given to the hacking group behind the Sony attack and others. By custom, Symantec does not attribute cyber campaigns directly to governments, but its researchers did not dispute the common belief that Lazarus works for North Korea.

In a blog post, Symantec listed numerous links between Lazarus and software the group had left behind after launching an earlier, less virulent, version of the malware in February. One was a variant of software used to wipe disks during the Sony Pictures attack, while another tool used the same internet addresses as two other pieces of malware linked to Lazarus.

At the same time, flaws in the WannaCry code, its wide spread, and its demands for payment in the electronic bitcoin before files are decrypted suggest that the hackers were not working for North Korean government objectives in this case, said Vikram Thakur, Symantec's security response technical director.

"Our confidence is very high that this is the work of people associated with the Lazarus Group, because they had to have source code access," Thakur said in an interview.

But he added: "We don't think that this is an operation run by a nation-state."

Share

2 min read

Published

Source: AAP

Share this with family and friends

Get SBS News daily and direct to your Inbox

Sign up now for the latest news from Australia and around the world direct to your inbox.

By subscribing, you agree to SBS’s terms of service and privacy policy including receiving email updates from SBS.

Follow SBS News
facebook
X (Twitter)
instagram
youtube
tiktok
rss
Download our apps
SBS News
iOSAndroid
SBS Audio
iOSAndroid
SBS On Demand
iOSAndroid
Listen to our podcasts
SBS News Update
An overview of the day's top stories from SBS News
SBS News In Depth
Interviews and feature reports from SBS News
SBS On the Money
Your daily ten minute finance and business news wrap with SBS Finance Editor Ricardo Gonçalves.
SBS News in Easy English
A daily five minute news wrap for English learners and people with disability
Get the latest with our News podcasts on your favourite podcast apps.
Watch on SBS
SBS World News

SBS World News

Take a global view with Australia's most comprehensive world news service
Watch nowOn Demand
Watch the latest news videos from Australia and across the world