Global ransomware attack is similar to North Korean-orchestrated hacks, expert says

Source: AP
Source: AP

WannaCry, the computer worm that's been infecting PCs running on Microsoft Windows servers in 150 countries, resembles earlier cyberattacks linked to North Korea, a South Korean cybersecurity expert told Reuters on Tuesday.

Simon Choi, a senior researcher at South Korea's Huari Labs who advises South Korean police and intelligence officials, said WannaCry's code "is similar to North Korea's backdoor malicious codes."

WannaCry borrows code from attacks orchestrated by the Lazarus Group, a shadowy hacker collective believed to be responsible for the Sony Pictures Entertainment hack in 2014, the Bangladesh central bank hack in 2016 and the Polish bank hacks in February. All of those hacks have been linked to North Korea, the New York Times reported.

The similarities between WannaCry and previous Lazarus Group attacks were first uncovered by Google security researcher Neel Mehta, according to NPR.

Researchers at U.S.-based security firm Symantec also found possible links between Lazarus and WannaCry. "Symantec identified the presence of tools exclusively used by Lazarus on machines also infected with earlier versions of WannaCry," Symantec wrote in a blog post. "The Lazarus tools could potentially have been used as method of propagating WannaCry, but this is unconfirmed."

But other researchers cautioned against blaming the attack on North Korea without more evidence, Reuters reported. "The similarities we see between malware linked to that group and WannaCry are not unique enough to be strongly suggestive of a common operator," cybersecurity researcher John Miller said.

WannaCry uses two exploits, both believed to have been created by the National Security Agency, to encrypt data on infected machines and "ransom" it back to the machines' owners. "Whoever it is, it looks very much like they are taking advantage of the NSA's tools," Becky Pinkard, a vice president at cybersecurity firm Digital Shadows, told the Financial Times.

So far, the attack has affected machines belonging to the United Kingdom's National Health Service, Spain's Telefónica, FedEx and others.

How likely are you to make Mic your go-to news source?

Taylor Wofford

Taylor is a reporter who covers politics. Before Mic, he worked at Newsweek.

MORE FROM

8 of the biggest moments from the 48th NYC LGBT Pride March

The biggest Pride event in the world was a sight to behold.

Movement for Black Lives activists disrupt Minneapolis Pride to protest Philando Castile verdict

Protesters reportedly held signs with messages like "No KKKops at Pride."

Protesters reportedly arrested near NYC's Stonewall Inn, Pride March endpoint

The reason for the arrests were not immediately known.

Marchers arrested in Istanbul as Pride parade continues despite cancellation

The organizers' decision to move forward with the previously cancelled march led to clashes with police.

Car slams into Eid celebrants in UK, injuring 6; police say terrorism isn't suspected

Police say they believe an Eid celebrant was behind the wheel of the car that injured six outside a mosque.

Oil truck explodes in Pakistan, killing at least 153

The deadly fire broke out as residents rushed to collect the leaking oil from the overturned tanker.

8 of the biggest moments from the 48th NYC LGBT Pride March

The biggest Pride event in the world was a sight to behold.

Movement for Black Lives activists disrupt Minneapolis Pride to protest Philando Castile verdict

Protesters reportedly held signs with messages like "No KKKops at Pride."

Protesters reportedly arrested near NYC's Stonewall Inn, Pride March endpoint

The reason for the arrests were not immediately known.

Marchers arrested in Istanbul as Pride parade continues despite cancellation

The organizers' decision to move forward with the previously cancelled march led to clashes with police.

Car slams into Eid celebrants in UK, injuring 6; police say terrorism isn't suspected

Police say they believe an Eid celebrant was behind the wheel of the car that injured six outside a mosque.

Oil truck explodes in Pakistan, killing at least 153

The deadly fire broke out as residents rushed to collect the leaking oil from the overturned tanker.