(Google security) With the world's biggest ransomware attack to date, which
crippled thousands of businesses and public organizations around the world, now hopefully behind us, security services across the globe are looking into just who was behind the outbreak.
Attention has turned to a North Korea-linked group that may be behind last week's cyberattack. Symantec
and Kaspersky have revealed that they are investigating whether hackers from the Lazarus Group were
responsible for infecting an estimated 300,000 machines in 150 countries.
BREAKING: Symantec, Kaspersky looking into technical clues that suggest North Korea-linked Lazarus Group may be behind global cyber attack — Reuters Top News (@Reuters) 15 May 2017
This all came about after a researcher found digital fingerprints that tie the
WCry ransomware worm that menaced the world on Friday to a prolific hacking
operation that previously generated headlines attacking Sony Pictures, the
Bangladesh Central Bank, and South Korean banks. The link came in a cryptic
Twitter message from Neel Mehta, a security researcher at Google. The tweet
referenced identical code found in a WCry sample from February and an early
2015 version of Contopee, a malicious backdoor used by Lazarus Group, a hacking
team that has been operating since at least 2011.
9c7c7149387a1c79679a87dd1ba755bc @ 0x402560, 0x40F598
ac21c8ad899727137c4b94458d7aa8d8 @ 0x10004ba0, 0x10012AA4
#WannaCryptAttribution
— Neel Mehta (@neelmehta) May 15, 2017
Previously discovered code
fingerprints already tied Lazarus Group to the highly destructive hack that
caused hard drives in South Korea to self-destruct in 2013, wiped almost a
terabyte's worth of data from Sony Pictures in 2014, and siphoned almost $1
billion from the Bangladesh Central Bank last year by compromising the SWIFT
network used to transfer funds.