News

Actions

Intelligence agencies link WannaCry cyberattack to North Korea

Posted at 12:00 PM, Jun 16, 2017
and last updated 2017-06-16 12:00:20-04

LONDON — There’s mounting evidence that North Korea was behind last month’s WannaCry ransomware attack that hit hundreds of thousands of computers around the world.

U.K. security services believe that Lazarus, a group that has been linked to the government of North Korea, was responsible, U.K. intelligence sources said.

That appears to confirm the view of private cybersecurity experts who said last month it was “highly likely” that the attack was linked with the isolated state.

The U.K.’s National Cyber Security Centre declined to comment.

The Washington Post reported Thursday that the U.S. National Security Agency had produced a similar internal assessment last week.

The NSA assessment was based on an analysis of tactics, techniques and targets, the newspaper reported. It said the evidence points with “moderate confidence” to North Korea’s spy agency.

Private cybersecurity firms have reached similar conclusions about the software that infected computers in around 150 countries and crippled parts of Britain’s National Health Service.

Security researchers at Symantec said last month that the “tools and infrastructure used in the WannaCry ransomware attacks have strong links to Lazarus.”

“We have high probability that these two are absolutely connected,” Vikram Thakur, the firm’s security response technical director, said at the time.

The ransomware, also called WannaCrypt, locks down files on an infected computer and asks its administrator to pay in order to regain control.

The software was designed around a NSA hacking tool that was leaked online last year.

The bug was able to spread quickly because many major companies and organizations rely on “legacy software,” or old, outdated technology that no longer receives software updates.

Yet Symantec also said the attackers had made some rookie mistakes. “The WannaCry attacks do not bear the hallmarks of a nation-state campaign,” Thakur said.

North Korea’s cyber targets have shifted in recent years.

In 2013, when South Korea’s banks and broadcasters were attacked, the government blamed its neighbor to the north. In 2014, the U.S. government blamed North Korea for the the hack on Sony Pictures. Clues in both cases pointed to Lazarus.

By late 2015, the Lazarus hackers had shifted their attention to the global financial system, according to researchers.

The group has since been linked to attacks on banks in 18 countries, including a major theft from Bangladesh’s central bank.