WannaCry might have been made in North Korea

16 May 2017


Lazarus Group has similar code

The ransomware known as WannaCry, which put the fear of Jehovah into those who thought running Windows XP was a good idea, might have come from a group of North Korean hackers known as the Lazarus Group.

The Lazarus Group has some malware which shares some of the WannaCry code, and while experts warned that it’s far from being proved that North Korea created and launched the ransomware attacks, it is “interesting”.

Neel Mehta, a security researcher at Google, first pointed out the shared code on Twitter. The link was quickly echoed by numerous other experts. Symantec and Kaspersky have independently found distinct instances of overlapping code between WannaCry and Lazarus Group.

The Lazarus Group is doing rather well stealing money from financial institutions with fraudulent SWIFT transactions, and nation-state-powered ransomware leveraging cryptocurrency makes sense for them.

The Group’s Contopee code is a backdoor trojan used to take over a target’s computer. It’s been used by North Korea-linked hackers to attack the financial industry in South East Asia.

The campaign is one facet of North Korea’s greater bank hacking operations that included an $81 million theft from Bangladesh last year. Lazarus Group has been known to use and target Bitcoin in their hacking operations.

But it is not a smoking gun: code can be written and erased by anyone, and shared code is often reused.

It is also telling that no government official has attributed the global ransomware attack to a nation state yet.

Kaspersky Labs researchers have said that more research is required into older versions of WannaCry to find out its origins.

Last modified on 16 May 2017