A computer virus that exploits the same vulnerability as the WannaCry ransomware attack has latched on to more than 200,000 computers and begun manufacturing digital currency, experts said on Tuesday.
The development adds to the dangers exposed by WannaCry and provides another piece of evidence that a North Korea-linked hacking group might be behind the attacks.
WannaCry, developed in part with hacking techniques that were either stolen or leaked from the US National Security Agency, has infected more than 300,000 computers since Friday last week, locking up their data and demanding a ransom payment to release it.
Researchers at security firm Proofpoint said the related attack, which installs a currency “miner” that generates digital cash, began infecting machines late last month or early this month, but had not been previously discovered because it allows computers to operate while creating the digital cash in the background.
Proofpoint executive Ryan Kalember said the authors might have earned more than US$1 million, far more than has been generated by the WannaCry attack.
Like WannaCry, the program attacks via a flaw in Microsoft Corp’s Windows software. That hole has been patched in newer versions of Windows, though not all companies and individuals have installed the patches.
Digital currencies based on a technology known as blockchain operate by enabling the creation of new currency in exchange for solving complex mathematics problems.
Digital “miners” run specially configured computers to solve the problems and generate currency, whose value ultimately fluctuates according to market demand.
Bitcoin is by far the largest such currency, but the new mining program is not aimed at Bitcoin. Rather, it targets a newer digital currency, called Monero, that experts say has been pursued by North Korean-linked hackers.
North Korea has attracted attention in the WannaCry case for a number of reasons, including the fact that early versions of the WannaCry code used some programming lines that had previously been spotted in attacks by Lazarus Group, a hacking group associated with North Korea.
Security researchers and US intelligence officials have cautioned that such evidence is not conclusive and the investigation is in its early stages.
Early last month, security firm Kaspersky Lab said that a wing of Lazarus devoted to financial gain had installed software to mine Monero on a server in Europe.
A new campaign to mine the same currency, using the same Windows weakness as WannaCry, could be coincidence, or it could suggest that North Korea was responsible for both the ransomware and the currency mining.
Kalember said he believes the similarities are “more than coincidence.”
“It’s a really strong overlap,” he said. “It’s not like you see Monero miners all over the world.”