N Korea could be behind WannaCry ransomware cyber attack
N Korea could be behind WannaCry ransomware cyber attack: “Who was behind the huge global cyber-attack?” Everyone wants to know. Many believe that North Koreans could be responsible, but it is far from conclusive. The investigation is already underway to establish the origins.
It is however suspected that the Lazarus group, responsible for the devastating hack on Sony Pictures in 2014 and another one of a Bangladeshi bank in 2016, works out of China and it works on behalf of the North Koreans. Security experts are cautiously linking the Lazarus group to the WannaCry attack especially after Google’s security research department had found similarities between the coding of WannaCry, the softwares used in the hack and other tools which were used in the operation. All these tools have been used by the Lazarus group in the past.
There are other similarities too, namely, according to Prof Alan Woodward who is a security expert, that the time stamps used within the original WannaCry code were set to UTC +9- which is China’s time zone. The original text in the message is read like machine translated English, the Chinese it seems was written by a native speaker. The professor admittedly says “As you can see it’s pretty thin and all circumstantial. However, it’s worth further investigations.”
According to the Russian Security firm Kaspersky google’s discovery is the most significant clue to date regarding the origins of WannaCry, but they further added that a lot more information is required concerning the earlier versions of WannaCry before any firm conclusion can be reached. They further highlighted the requirement for further investigation by different researchers to discover fact concerning the origin of WannaCry ransomware. The website claims that looking at the Bangladesh attack very few facts linked them to the Lazarus group as linking attacks with a certain group is very difficult and requires necessitates a link to attribute a group of individual to an attack resides in consensus rather than confirmation.
The world knows that North Korea never admitted of its involvement in the Sony Pictures hack but the security researchers and the US government were confident about the North Korean involvement. Neither can rule out the possibility of a false flag.
Therefore in the case of WannaCry, it is possible that hackers had simply copied code from earlier attacks by the Lazarus Group. Though Kaspersky said false flags within WannaCry were “possible” but “improbable”, as the shared code was removed from later versions.
Despite it being the strongest theory yet as to the origin of WannaCry there are also details that arguably point away from it being the work of North Korea. Firstly, China was among the countries worst hit, and not accidentally as the hackers made sure there was a version of the ransom note written in Chinese. It seems unlikely North Korea would want to antagonise its strongest ally. Likewise, Russia too was badly affected. Secondly, North Korean cyber-attacks have typically been far more targeted, often with a political goal in mind. In the case of Sony Pictures, hackers sought to prevent the release of The Interview, a film that mocked North Korean leader Kim Jong-Un. WannaCry, in contrast, was wildly indiscriminate – it would infect anything and everything it could. Finally, if the plan was simply to make money, it’s been pretty unsuccessful on that front too – only around $60,000 (£46,500) has been paid in ransoms, according to analysis of Bitcoin accounts being used by the criminals. Bearing in mind that more than 200,000 machines infected, that is a terrible yield.
Yet another possibility is that the Lazarus Group worked alone, without instruction from North Korea. Indeed, it could be that the Lazarus Group is not even linked to North Korea.
In conclusion there are more questions than answers. Many believe that in cyber-war, facts are extremely hard to come by.
For More News:
Visit HumSub TV