Jury out on N Korea link to ransomware attack

WASHINGTON: Was North Korea behind the ransomware epidemic that hit global computer networks earlier this month?
That’s the subject of heated debate in cybersecurity circles after analysts found similarities between the “WannaCry” worm and other malware attributed to North Korea, including malware used in the 2014 hack of Sony Pictures and in a cyberheist of millions of dollars from the Bangladesh central bank.
The security firm Symantec this week said the shared code makes it “highly likely” that the attacks were connected to the hacker group given the code name Lazarus, which many believe is North Korean.
Cybersecurity firm Intezer last week reached a similar conclusion, finding that WannaCry had “strong links to other malware families, believed to be developed by North Korean hackers, or known to be used in attacks against South Korean organisations.”
Russia-based security firm Kaspersky Lab and others also pointed to a likely North Korean link. While the evidence is not conclusive — hackers can often hide or “spoof” their real identities — North Korea is emerging as one of the likely suspects despite a strong denial by the Pyongyang envoy to the UN, analysts say.
Symantec researchers said that despite the likely North Korea link, the WannaCry attacks “do not bear the hallmarks of a nation-state campaign but are more typical of a cybercrime campaign.”
“I could easily see North Korea doing this as a way to get money,” said Paul Benda, a Pentagon and Department of Homeland Security official who is now chief technology officer at Global Security and Innovative Strategies, a Washington consultancy.
“With the sanctions they are under they need cold hard cash.”
Other analysts have noted that sanctions squeezing Pyongyang may be prompting desperate actions to raise cash through various channels. — AFP