Cyber security firm Symantec Corp said on Monday it was "highly likely" a hacking group affiliated with North Korea was behind the WannaCry cyber attack this month that infected more than 300,000 computers worldwide and disrupted hospitals, banks and schools across the globe.
Symantec researchers said they had found multiple instances of code that had been used both in the North Korea-linked group's previous activity and in early versions of WannaCry.
In addition, the same Internet connection was used to install an early version of WannaCry on two computers and to communicate with a tool that destroyed files at Sony Pictures Entertainment. The U.S. government and private companies have accused North Korea in the 2014 Sony attack.
North Korea has routinely denied any such role. On Monday, it called earlier reports that it might have been behind the WannaCry attack "a dirty and despicable smear campaign."
Lazarus is the name many security companies have given to the hacking group behind the Sony attack and others. By custom, Symantec does not attribute cyber campaigns directly to governments, but its researchers did not dispute the common belief that Lazarus works for North Korea.
In a blog post, Symantec listed numerous links between Lazarus and software the group had left behind after launching an earlier, less virulent, version of the malware in February. One was a variant of software used to wipe disks during the Sony Pictures attack, while another tool used the same internet addresses as two other pieces of malware linked to Lazarus.
At the same time, flaws in the WannaCry code, its wide spread, and its demands for payment in the electronic bitcoin before files are decrypted suggest that the hackers were not working for North Korean government objectives in this case, said Vikram Thakur, Symantec's security response technical director.
"Our confidence is very high that this is the work of people associated with the Lazarus Group, because they had to have source code access," Thakur said in an interview.
But he added: "We don't think that this is an operation run by a nation-state."
With WannaCry, Thakur said, Lazarus Group members could have been moonlighting to make extra money, or they could have left government service, or they could have been contractors without direct obligations to serve only the government.
The most effective version of WannaCry spread by using a flaw in Microsoft's Windows and a program that took advantage of it that had been used by the U.S. National Security Agency, officials said privately.
That program was among a batch leaked or stolen and then dumped online by a group calling itself The Shadow Brokers, who some in U.S. intelligence believe to be affiliated with Russia.
Analysts have been weighing in with various theories on the identity of those behind WannaCry, and some early evidence had pointed to North Korea. The Shadow Brokers endorsed that theory, perhaps to take heat off their own government backers for the disaster.
Cybersecurity company Kaspersky has said it had found several similarities between the WannaCry malware from the earlier attack and those used by Lazarus. But in an interview last week, its Asia research director, Vitaly Kamluk, said it was not conclusive evidence. "It's unusual," he said.
Beau Woods, deputy director of the Cyber Statecraft Initiative at the Atlantic Council, said that the Korean language used in some versions of the WannaCry ransom note was not that of a native speaker, making a Lazarus connection unlikely.
But Thakur said that some hackers deliberately obfuscate their language to make tracing them harder. It is also possible that the writer in question was a contractor in another country, he said.
Thakur said a less likely scenario is that Lazarus' main aim was to create chaos by distributing WannaCry.
If the hackers' main objective was to earn money on the side, that would suggest an undisciplined hacking operation run by North Korea, one that could be exploited and weakened by the country's many foes.
"The intelligence community will probably take away from this that there is a possibility of splinters in the Lazarus Group, or members who are interested in filling their own pockets, and that could help," Thakur said.
Lazarus has also been linked to attacks on banks using their SWIFT messaging network. Last year, hackers stole $81 million from Bangladesh's central bank. Symantec said malware used in that attack was linked to Lazarus.
Reuters
Tue May 23 2017
Thakur said a less likely scenario is that Lazarus' main aim was to create chaos by distributing WannaCry.
Ringgit ditutup tinggi sedikit berbanding dolar AS
Pada 6 petang, ringgit naik kepada 4.7745/7775 berbanding dolar AS daripada 4.7765/7780 ketika ditutup pada Rabu.
Inspirasi bermakna daripada Forum Umrah & Ziarah 2024
Usaha meningkatkan kapasiti Mekah dan Madinah bagi membolehkan lebih ramai umat Islam mengerjakan umrah kini menjadi fokus utama kerajaan Arab Saudi.
Forum Umrah & Ziarah 2024 yang diadakan di Madinah telah membincangkan banyak hal berkaitan perkhidmatan umrah dan ziarah termasuklah pengadaptasian teknologi terkini, pengurusan yang lebih cekap serta pengurusan kewangan yang lebih berdaya saing.
Ikuti laporan hari terakhir forum berkenaan bersama Hilal Azmi.
#ForumUmrahZiarah2024
#AWANI745
Forum Umrah & Ziarah 2024 yang diadakan di Madinah telah membincangkan banyak hal berkaitan perkhidmatan umrah dan ziarah termasuklah pengadaptasian teknologi terkini, pengurusan yang lebih cekap serta pengurusan kewangan yang lebih berdaya saing.
Ikuti laporan hari terakhir forum berkenaan bersama Hilal Azmi.
#ForumUmrahZiarah2024
#AWANI745
Penjawat awam perlu amal kecepatan dan kepesatan dalam pelaksanaan tugas - PM Anwar
Penjawat awam digesa untuk sentiasa mengamalkan kecepatan dan kepesatan dalam pelaksanaan tugas supaya dasar-dasar kerajaan dapat dilaksanakan dengan pantas.
Kerajaan kekal komited laksana dwirangkaian 5G, DNB penuhi syarat terdahulu - Gobind
Kerajaan semakin hampir untuk melaksanakan dwirangkaian 5G selepas pengumuman Ahli Lembaga Pengarah baharu Digital Nasional Bhd (DNB).
Kos SUKMA Sarawak dianggar hampir RM300 juta
Kos penganjuran Sukan Malaysia (SUKMA) Sarawak tahun ini dianggarkan hampir RM300 juta, antaranya meliputi kerja-kerja menaik taraf venue sukan serta perbelanjaan keperluan logistik.
Break The Siege: Misi flotila ke Gaza belayar esok
Syaff Shukri membawakan perkembangan terkini misi pelayaran Break The Siege: Freedom Flotilla to Gaza yang dijadualkan esok.
#AWANI745
#AWANI745
Peruntukan Pembangkang: Terpulang untuk Muhyiddin kata apa - TPM Fadillah
Terpulang kepada pihak pembangkang untuk mempersoalkan keikhlasan Kerajaan berhubung draf perjanjian persefahaman (MoU) peruntukan pembangkang, kata Timbalan Perdana Menteri Datuk Seri Fadillah Yusof.
Ketua Whip Kerajaan Perpaduan itu berkata, beliau enggan melayani sindiran bekas Perdana Menteri yang juga Pengerusi Perikatan Nasional, Tan Sri Muhyiddin Yassin tentang isu tersebut.
#AWANI745
Ketua Whip Kerajaan Perpaduan itu berkata, beliau enggan melayani sindiran bekas Perdana Menteri yang juga Pengerusi Perikatan Nasional, Tan Sri Muhyiddin Yassin tentang isu tersebut.
#AWANI745
Pelantikan ahli lembaga baharu DNB kemajuan penting dalam penyusunan semula rangkaian 5G - Gobind
Gobind berkata perkembangan terkini itu merupakan satu langkah penting ke arah memenuhi komitmen kerajaan terhadap pelaksanaan dasar 5G dwi rangkaian.
SSPA terbaik pernah diperkenalkan kerajaan - PM Anwar
Kerajaan memberi jaminan Sistem Saraan Perkhidmatan Awam (SSPA) yang bakal diumumkan dalam tempoh terdekat, sebagai antara yang terbaik pernah diperkenalkan, kata Perdana Menteri Datuk Seri Anwar Ibrahim.
Namun, katanya lagi, langkah itu bakal membabitkan implikasi kewangan yang tertinggi berbanding yang pernah dilakukan sebelum ini.
#AWANI745
Namun, katanya lagi, langkah itu bakal membabitkan implikasi kewangan yang tertinggi berbanding yang pernah dilakukan sebelum ini.
#AWANI745
KESUMA tawar lebih 3,000 pekerjaan industri hijau dengan gaji RM3,000 hingga RM16,000
Kementerian Sumber Manusia menawarkan lebih 3,000 peluang pekerjaan dalam industri hijau menerusi Karnival Kemahiran dan Kerjaya Hijau KESUMA 2024.