Wed, May 17, 2017 - Page 1 News List

WannaCry shows link to N Korean hacking: experts

Reuters and AP, SEOUL and WASHINGTON

Cybersecurity researchers have found evidence they say could link North Korea with the WannaCry cyberattack that has infected more than 300,000 computers worldwide, as global authorities scrambled to prevent hackers from spreading new versions of the virus.

A researcher from South Korea’s Hauri Labs yesterday said their findings matched those of Symantec and Kaspersky Lab, which on Monday said that some code in an earlier version of the WannaCry software had also appeared in programs used by the Lazarus Group, identified by some researchers as a North Korea-run hacking operation.

“It is similar to North Korea’s backdoor malicious codes,” said Simon Choi, a senior researcher with Hauri who has done extensive research into the North’s hacking capabilities and advises South Korean police and National Intelligence Service.

Symantec and Kaspersky said it was too early to tell whether Pyongyang was involved in the attacks, based on the evidence that was published on Twitter by Google security researcher Neel Mehta.

The attacks, which slowed on Monday, are among the fastest-spreading extortion campaigns on record.

In Taiwan, the Central News Agency (CNA) said that the cyberattack infected computers in 10 schools, the state-run Taiwan Power Co (台電), a hospital and at least one private business.

However, it caused no damage to the schools’ core database systems.

The business, whose name was not given, reported paying US$1,000 in bitcoin to unlock files held hostage by the program.

There have been no reported incidents of the ransomware affecting government agencies, CNA said.

Chinese Ministry of Foreign Affairs spokeswoman Hua Chunying (華春瑩) said she had no information to share, when asked about the origin of the attack and whether North Korea might be connected.

Several Asian countries have been affected by the malware, although the impact has not been as widespread as some had feared.

In Malaysia, cybersecurity firm LE Global Services said it had identified 12 cases so far, including a large government-linked corporation, a government-linked investment firm and an insurance company. It did not name any of the entities.

Vietnam’s state media said more than 200 computers had been affected.

FireEye Inc, another large cybersecurity firm, said it was also investigating, but it was cautious about drawing a link to North Korea.

“The similarities we see between malware linked to that group and WannaCry are not unique enough to be strongly suggestive of a common operator,” FireEye researcher John Miller said.

US and European security officials said on condition of anonymity that it was too early to say who might be behind the attacks, but they did not rule out North Korea as a suspect.

The Lazarus hackers, acting for North Korea, have been more brazen in their pursuit of financial gain than others, and have been blamed for the theft of US$81 million from the Bangladesh central bank, according to some cybersecurity firms.

This story has been viewed 14038 times.

Comments will be moderated. Keep comments relevant to the article. Remarks containing abusive and obscene language, personal attacks of any kind or promotion will be removed and the user banned. Final decision will be at the discretion of the Taipei Times.

TOP top