North Korea-linked hackers 'highly likely' behind WannaCry: Symantec


Symantec researchers said they had found multiple instances of code that had been used both in the North Korean group's previous activity and in early versions of WannaCry.

The US cybersecurity firm Symantec reports that a hacking group allegedly affiliated with North Korea perpetrated the WannaCry ransomware attack.

This story has not been edited by Firstpost staff and is generated by auto-feed.

"The ransomware shares some code with Backdoor.Contopee, malware that has previously been linked to Lazarus", Symantec's Security Response team stated.

All these associations have rendered Symantec confident enough to declare that Lazarus might indeed be responsible for the widespread WannaCry attacks. Despite the links to Lazarus, the WannaCry attacks do not bear the hallmarks of a nation-state campaign but are more typical of a cybercrime campaign. Similar attacks were attempted in 2016, and the panel chair advised there is now a "heightened risk" of attack.

In a warning email to UN officials and the UN Security Council's North Korea sanctions committee - also known as the 1718 committee - the panel chair described the breach as part of a "sustained cyber campaign".

The WannaCry attacks used the same command-and-control server used in the North Korean hack of Sony Pictures Entertainment in 2014, which wiped out almost half of the company's personal computers and servers.


"Had North Korea launched the WannaCry attack, it likely would have either attacked more strategic targets, or it would have attempted to capture more significant profits", Scott adds. This previous version was nearly identical to the version used in May 2017, the only difference being the method of propagation.

But the hackers left behind a trail of digital crumbs that Chien and his colleagues had traced to previous attacks by the Lazarus Group, which United States government officials have said works at the behest of Pyongyang.

In November 2014, Sony Pictures Entertainment became the target of the biggest cyber attack in U.S. corporate history, linked to its release of North Korea satire "The Interview".

In addition to similarities in code, researchers have also found strong evidence that WannaCry and previous Lazarus malware tools shared the same network infrastructure. Vikram Thakur, Symantec's security response technical director, said in an interview, "Our confidence is very high that this is the work of people associated with the Lazarus Group because they had to have source code access".

Though Windows 10, Microsoft's most up-to-date operating system, is widely deployed and is not vulnerable to the ransomware, it is not as widespread as Windows 7, which a great number of systems still run. Alphanc is closely related to a variant of the Destover backdoor that was used in the attack on Sony Pictures Entertainment in 2014, and Bravonc uses an IP address for a command-and-control server that has also been used by the Duuzer variant of Destover.