Coding Clue Ties North Korean Hackers to Ransomware Cyberattack
Researchers found a clue tying WannaCry to previous North Korean-sponsored attacks.
Cybersecurity researchers have found evidence tying the recent WannaCry ransomware, which caused major disruptions around the world, to previous cyberattacks by a hacking group tied to North Korea.
The clue was found in a previous variant of the WannaCry code that had been uploaded to an archive used by cybersecurity researchers. The code had similarities to attacks conducted by the Lazarus Group, a state-sponsored North Korea hacking collective.
Google’s parent company Alphabet, Symantec, Comae Technologies, and Kaspersky Lab said their researchers found similarities between the previous WannaCry version and attacks conducted by the Lazarus Group, which experts have linked to a series of multimillion-dollar digital bank thefts and the 2014 Sony Entertainment attacks.
Researchers were quick to point out that the evidence doesn’t mean the Lazarus Group or the North Koreans are responsible for the attack that infected more than 200,000 computers around the world.
The earlier variant WannaCry ransomware appears to have been built using the same source code, but that code also could have been copied.
This article was featured in the InsideHook newsletter. Sign up now.
Suggested for you