May 16, 2017
The WannaCry ransomware that attacked computers in 150 countries has lines of code that are identical to work by hackers known as the Lazarus Group, according to security experts. The Lazarus hackers have been linked to North Korea, raising suspicions that the nation could be responsible for the attack.
The connection was made by Google security researcher Neel Mehta, who pointed out similarities between WannaCry and malware used by Lazarus, the group that’s been blamed for the Sony Pictures hack of 2014 and for stealing millions of dollars from a Bangladeshi bank in 2016.
After Mehta highlighted the elements in the code, other researchers confirmed similarities that early versions of WannaCry (also called WannaCrypt, Wana Decryptor or WCry) shared with malware tools used by Lazarus.
While the revelation stands as the most substantial public detail about the cyberattack’s origin, it’s not seen as enough to assign blame, at least in part because it’s common to copy code. But similarities in lines of malware have been traced to earlier Lazarus attacks at least as far back as 2013, when South Korean media companies were targeted. Those patterns were highlighted last year, when hackers used malware to go after banks.
This article was posted: Tuesday, May 16, 2017 at 9:30 am