North Korea May Be Linked To WannaCry Ransomware, Researchers Say

Paterniano Del Favero
Mag 18, 2017

A hacking group linked to North Korea has used code that's identical to some of the malware used in the WannaCry attack, security researchers say.

Paris - North Korea may have been behind the global cyberattack that has been affecting tens of thousands of government companies and institutions since Friday, experts said.

A spokesman for the Hong Kong Exchanges and Clearing, one of the region's biggest bourses, said all systems were so far working normally.

In November 2014, Sony Pictures Entertainment became the target of the biggest cyberattack in U.S. corporate history, linked to its release of North Korea satire "The Interview", hated by Pyongyang.

On this, the cybersecurity firm Kaspersky Lab's researcher Kurt Baumgartner said, "Neel Mehta's discovery is the most significant clue to date regarding the origins of WannaCrypt".

However, Bambenek cautioned that the links are circumstantial. "The code in question is not a large portion of the overall Wannacry malware so it's plausible that the attackers got it from somewhere else". In a blog post Sunday, the company criticized the National Security Agency for stockpiling digital weapons. It has been mining the digital currency using malicious computer programmes since as early as 2013, he said. Following a series of high-profile attacks, Lazarus rose to notoriety.

WannaCry, the ransomware cyber attack that has affected computers worldwide, has made its way to India, affecting states like West Bengal, Andhra Pradesh, Telangana, and Kerala. According to Wired, they were later identified by U.S. intelligence agencies as a North Korean government operation.

The cyberattack that swept across the globe finally slowed down on Monday.

Though North Korea has never admitted any involvement in the Sony Pictures hack, security researchers and the U.S. government are confident in the theory and neither can rule out the possibility of a false flag.

"We are not aware of payments that have led to any data recovery", White House Homeland Security adviser Tom Bossert said at a daily briefing.

The attack had infected close to 30,000 Chinese organisations by Saturday evening, Chinese security software maker Qihoo said. "Previous concerns of a wide-scale infection of domestic institutions did not eventuate".

"But South Korea doesn't appear to be hurt any more than other countries". In response, the Korea Internet and Security Agency in Seoul raised its warning level to three, or "cautious", on a scale of one to five. He immediately notified South Korean authorities. All of those hacks have been linked to North Korea, the New York Times reported.

In Hong Kong, Gazeley said his team had found a new version of the worm that didn't use e-mail to lure victims.

The malware acts like a worm and finds security holes in a computer to spread throughout a network. Although the flaw has been patched by the company, not all users had applied the update. It encrypted users' computer files and displayed a message demanding 300 to 600 United States dollars (£230-£390) of the digital currency bitcoin to release them.

So far, the attack has affected machines belonging to the United Kingdom's National Health Service, Spain's Telefónica, FedEx and others.

Russian President Vladimir Putin, noting the technology's link to the USA spy service, said it should be "discussed immediately on a serious political level".

Altre relazioni OverNewsmagazine

Discuti questo articolo