North Korea May Be Responsible For Global Cyberattack
In Malaysia, cyber security firm LE Global Services said it identified 12 cases so far, including a large government-linked corporation, a government-linked investment firm and an insurance company. “We are talking about a possibility, not that this was done by North Korea”, Choi told AP.
The U.S. government blamed North Korea for the hack on Sony Pictures Entertainment that leaked damaging personal information after Pyongyang threatened “merciless countermeasures” if the studio released a dark comedy movie that portrayed the assassination of Kim Jong Un.
Symantec and Kaspersky said it was too early to tell whether North Korea was involved in the attacks, based on the evidence that was published on Twitter by Google security researcher Neel Mehta. According to Mehta’s discovery, the “Lazarus Group” that works on behalf of North Koreans may be behind the attack, as the hacking group has, in the past, used the same coding and tools as were used in “WannaCrypt”, the software used in the current attack on the Microsoft operating system, the BBC reported on Tuesday.
Some security experts are cautiously linking the attack to the Lazarus Group, according to BBC tech reporter Dave Lee.
Forensics, though, will only get investigators so far.
Reuters reports that South Korea’s Hauri Labs confirmed the similarity between WannaCry and “North Korea’s backdoor malicious codes”, as senior researcher Simon Choi put it. Choi is highly experienced with North Korean cyber-espionage and is an adviser to South Korean intelligence and law enforcement agencies. “We want to see more coding similarities to give us more confidence”.
Identifying hackers behind sophisticated attacks is a notoriously hard task.
The idea that North Korea could be behind the attack is not a reach. Kaspersky noted that false flags within “WannaCrypt” were “possible” but “improbable”, as the shared code was removed from later versions.
Prof Alan Woodward, a security expert, pointed out to me that the text demanding the ransom uses what reads like machine-translated English, with a Chinese segment apparently written by a native speaker.
“It wouldn’t stand up in court as it is”.
In addition to past alleged cyberattacks, North Korea had also been accused of counterfeiting $100 bills which were known as “superdollars” or “supernotes” because the fakes were almost flawless.
WannaCry has been characterized as a sloppy attack with poor money handling on the ransom end, putting a nearly absurdly small sum in the hackers’ Bitcoin account compared to the scale of global havoc they have inflicted. The North strongly denied all the allegations. The Russian Federation, too, was badly affected.
Suffering under increased economic sanctions for its nuclear and ballistic missile programs, it would not be surprising for North Korea to attempt to make up for lost revenue through illicit cyber theft and extortion. The group is also thought to have been responsible for the Sony hack in 2014. WannaCry, in contrast, was wildly indiscriminate – it would infect anything and everything it could. But then of course, maybe the ransom was a distraction for some other political goal not yet clear.
But researchers noticed one mistake: A connection that briefly came from North Korea.