Symantec says 'highly likely' North Korean hacking group behind ransomware attacks


The links to Lazarus are incredibly technical but in the interest of clarity we're going to lay them out here. That's not the case yet for WannaCry.

The WannaCry ransomware attack wasn't as sophisticated and mostly infected unpatched PCs, but is putting our energy and resources into finding the source of the attack more important than securing ourselves from future attacks?

But the hackers left behind a trail of digital crumbs that Chien and his colleagues had traced to previous attacks by the Lazarus Group, which U.S. government officials have said works at the behest of Pyongyang. But in an interview last week, its Asia research director, Vitaly Kamluk, said it was not conclusive evidence.

Moreover, the internet connection used to install the early version of WannaCry on two computers was the same as the one used for communication with files that destroyed Sony Pictures Entertainment.

Due to the similarities in the tools, code and infrastructure used by the hackers, the cyber security company believes it could be the doing of Lazarus, a North Korean hacking group that was also behind cyber attacks on Sony Pictures and Bangladesh Central Bank, stealing more than $81 million.

Those tools have evolved, but are what researchers call "variants" of the same tools used in the other attacks. That crossover provided what Chien said was yet another "hard link".

The cyber security expert said that an attack meant to create chaos by spreading WannaCry was a less likely scenario. The Trojan.Bravonc sample discovered dropping WannaCry also connects to this IP address.

"We don't see that used anywhere else", Chien said.

However, Symantec said its subsequent analysis had found that code used by Lazarus was present in the latest version of WannaCry, used in...

The WannaCry 2.0 ransomware attacks earlier this month used almost exactly the same code as the WannaCry 1.0 attacks in February, March and April this year, which gained barely any traction, the only difference being the method of propagation. The version that ran rampant used an automated system to infect new networks that utilized what appear to be stolen National Security Agency hacking tools.

After South Korean cybergurus alleged that their counterparts in the north of the peninsula had ordered the attack last week, officials in Pyongyang vehemently dismissed the accusations as pure propaganda from old opponents.

More evidence has been found linking North Korea to the global cyberattack that caused an IT meltdown in the NHS earlier this month.

Some also pointed to the small sums the attack was generating as proof that the attacks were the haphazard work of unsuccessful cybercriminals, rather than government-backed hackers.

We may never know who issued the attack in the end.
