Within days of the attack, respected cybersecurity firms Symantec and Kaspersky Labs hinted at a North Korea link
In this Monday, May 15, 2017, file photo, employees watch electronic boards to monitor possible ransomware cyberattacks at the Korea Internet and Security Agency in Seoul, South Korea. A couple of things about the WannaCry cyberattack are now pretty certain. It was the biggest in history and it’s a scary preview of things to come _ we’re all going to have to get used to hearing the word “ransomware.” But one thing is a lot less clear: whether North Korea had anything to do with it. (Yun Dong-jin/Yonhap via AP, File), photo: AP/Yun Dong-jin
19 of May 2017 13:27:33
TOKYO – A couple of things about the WannaCry cyberattack are certain. It was the biggest in history and it's a scary preview of things to come — we're all going to have to get used to hearing the word "ransomware." But one thing is a lot less clear: whether North Korea had anything to do with it.Despite bits and pieces of evidence that suggest a possible North Korea link, experts warn there is nothing conclusive yet — and a lot of reasons to be dubious. Why, for example, would Pyongyang carry out a big hack that hurt its two closest strategic partners more than anyone else? And for what appears to be a pretty measly amount of loot — as of Friday the grand total of ransom that had been paid was less than $100,000.North Korea's deputy U.N. ambassador Kim In Ryong dismissed allegations that the Democratic People's Republic of Korea — the country's official name — was behind the recent wave of global cyberattacks as "ridiculous.""Whenever something strange happens it is the stereotype way of the United States and the hostile forces that kick off noisy anti-DPRK campaign deliberately linking with DPRK," he told a news conference at the United Nations in New York.[caption id="attachment_59997" align="aligncenter" width="1200"] A couple of things about the WannaCry cyberattack are now pretty certain. It was the biggest in history and it’s a scary preview of things to come, we’re all going to have to get used to hearing the word “ransomware.” Photo: AP/Yun Dong-jin[/caption]Within days of the attack, respected cybersecurity firms Symantec and Kaspersky Labs hinted at a North Korea link. Google researcher Neel Mehta identified coding similarities between WannaCry and malware from 2015 that was tied to the North. And the media have since spun out stories on Pyongyang's league of hackers, its past involvement in cyberattacks and its perennial search for new revenue streams, legal or shady.But identifying hackers behind sophisticated attacks is a notoriously difficult task. Proving they are acting under the explicit orders of a nation state is even trickier.When experts say North Korea is behind an attack, what they often mean is that Pyongyang is suspected of working with or through a group known as Lazarus. The exact nature of Lazarus is cloudy, but it is thought by some to be a mixture of North Korean hackers operating in cahoots with Chinese "cyber-mercenaries" willing to at times do Pyongyang's bidding.Lazarus is a serious player in the cybercrime world.It is referred to as an "advanced persistent threat" and has been fingered in some very sophisticated operations, including an attempt to breach the security of dozens of banks this year, an attack on the Bangladesh central bank that netted $81 million last year, the 2014 Sony wiper hack and DarkSeoul, which targeted the South Korean government and businesses."The Lazarus Group's activity spans multiple years, going back as far as 2009," Kaspersky Labs said in a report last year. "Their focus, victimology, and guerrilla-style tactics indicate a dynamic, agile and highly malicious entity, open to data destruction in addition to conventional cyberespionage operations."