Cyber security firm Symantec Corp said on Monday that the WannaCry ransomware attacks that occurred earlier this month were “highly likely” the work of a hacking group affiliated with North Korea. Security researchers say they have found code common to the North Korea-linked group’s previous activity and the early version of WannaCry.
Moreover, the same internet connection was used to install the early version of WannaCry on two computers and to communicate with files that destroyed Sony Pictures Entertainment.
United Nations experts who were investigating the role of North Korea were hacked by unknown hackers, and an email sent by the hacking group showed a very detailed view of the experts’ work. According to Reuters, an email warning sent on Monday said,
“The zip file was sent with a highly personalized message which shows the hackers have very detailed insight into the panel’s current investigations structure and working methods.”
Meanwhile, North Korea has denied any role in the WannaCry attack, saying the allegations against it are “a dirty and despicable smear campaign.”
Security companies have given the name Lazarus to the group behind the Sony hack and others. Symantec had earlier said that it does not attribute cyber campaigns directly to governments, but its researchers did not dispute the common belief that Lazarus works for North Korea.
Meanwhile, Vikram Thakur, Symantec’s security response technical director, said that flaws in the WannaCry code, its widespread reach, and the demand for payment in electronic bitcoin before the damaged files are decrypted suggest that the hackers were not working with the North Korean government. Thakur said in an interview,
“Our confidence is very high that this is the work of people associated with the Lazarus Group because they had to have source code access.”
On WannaCry, Thakur said that Lazarus Group members could have been trying to make some extra money, could have left government service, or could be contractors who are not obliged to work only for the government.
Cyber security company Kaspersky said that there was a similarity between the malware used in WannaCry and malware used by Lazarus. However, Kaspersky’s Asia research director later denied it. Some versions of the WannaCry ransom note were in the Korean language, suggesting a Lazarus connection. Thakur also added,
“The intelligence community will probably take away from this that there is a possibility of splinters in the Lazarus Group or members who are interested in filling their own pockets, and that could help.”
Lazarus Group has previously been linked to using the SWIFT messaging network to steal nearly $81 million from Bangladesh’s central bank. The malware used in that attack was linked to Lazarus, Symantec said.