Finger points at Lazarus
US anti-virus firm Symantec: The Lazarus group, widely believed to be connected to North Korea, is ‘highly likely’ responsible for the WannaCry global cyberattack.
SAN FRANcIScO: The Lazarus hacking group, widely believed to be connected to North Korea, is “highly likely” responsible for the WannaCry global cyberattack that hit earlier this month, US anti-virus firm Symantec said.
North Korea has angrily dismissed earlier reports linking its isolated regime to the worm that crippled hundreds of thousands of computers, demanding payment in Bitcoin to return control to users.
But Symantec said the ransomware had many of the hallmarks of other Lazarus attacks, including the 2014 strike on Sony Pictures and a multimillion-dollar theft from the Bangladesh Central Bank.
Without mentioning the group’s links to North Korea, it said that prior to the global outbreak on May 12, an earlier version of WannaCry was used in a small number of attacks in the previous three months.
“Analysis ... revealed substantial commonalities in the tools, techniques, and infrastructure used by the attackers and those seen in previous Lazarus attacks.
“Making it highly likely that Lazarus was behind the spread of WannaCry,” said Symantec.
Up to 300,000 computers in 150 countries were hit by the WannaCry worm, which seizes systems and demands payment in Bitcoin to return control to users.
Banks, hospitals and state agencies were among the victims of the hackers who exploited vulnerabilities in older versions of Microsoft computer operating systems.
The North last week vehemently denied the claims, notably but not exclusively advanced by South Korean experts, and hit back to accuse its opponents of spreading propaganda.
Experts say the North appears to have stepped up cyber-attacks in recent years in a bid to earn hard foreign currency in the face of United Nations sanctions imposed over its nuclear and missile programmes.