investorschatroom.com

Science

North Korea-linked hackers 'highly likely' behind WannaCry: Symantec

Share
Military trucks carry soldiers through central Pyongyang North Korea on April 13

(SYMC) said its latest analysis showed substantial commonalities between WannaCry's tools and techniques and those of prior attacks by the Lazarus Group, which is suspected of links to North Korea.

According to Symantec, the ransomware had numerous hallmarks of other Lazarus attacks, including the 2014 strike on Sony Pictures and a multimillion-dollar theft from the Bangladesh Central Bank.

Symantec listed numerous links between Lazarus and software the WannaCry hackers left behind in a less virulent version of the malware in February, including software used to wipe disks in the Sony attack.

This story has not been edited by Firstpost staff and is generated by auto-feed.

Symantec linked the WannaCry outbreak to what it calls "Lazarus".

Lazarus has also been linked to attacks on banks using their SWIFT messaging network.

While security researchers at Symantec have followed the digital crumbs to conclude that Lazarus and North Korea are likely responsible for the WannaCry ransomware attack, security analysts at ICIT are of a different opinion.

Experts working for the United Nations to investigate violations of sanctions on North Korea were hit by a "sustained" cyberattack from an unknown source, Reuters reported.

Ringling Bros. owner: Final shows are 'a celebration'
It is all tragic to Gary Payne, a former president of the 2,000-member Circus Fans Association of America. The Danguir high wire troupe performs during a show, Sunday, May 7, 2017, in Providence, R.I.

Titles more important than top four to Manchester United, says Mourinho
Mourinho said United were unlikely to appeal the decision, despite feeling the red card was harsh. "I will analyze the individual performances of the players and try to understand who can give me a little bit more for the final".

Embattled White House lurches from crisis to crisis
The person who described the Comey memo to the AP was not authorized to discuss it by name and spoke on condition of anonymity. Then there was the Comey firing itself, which Trump even admitted had something to do with the Russian investigation.

The earlier attacks did not exploit the vulnerability that helped WannaCry spread so far, so fast but instead used six other malicious programs favoured by Lazarus.

"As a number of 1718 committee members were targeted in a similar fashion in 2016, I am writing to you all to alert you to this heightened risk", the panel chair wrote.

In their paper on the matter, the researchers have noted shared code between the ransomware and other code, as well as how a command and control server used as part of the malware attack against Sony was also connected to during the ransomware attack.

Symantec said it discovered multiple instances of code from the Sony Pictures hack in early versions of WannaCry.

Last week, a researcher at Google had recognized an identical code originated in a WCry sample from February attack and also an early 2015 version of Cantopee, a backdoor used by Lazarus Group, a hacking group which has been operational since 2011.

It's more likely that WannaCry was the work of a Lazarus member who tried to make money on the side or a former member of the group, Thakur said.

The initial attack was stifled when a security researcher disabled a key mechanism used by the worm to spread, but experts said the hackers were likely to mount a second attack because so many users of personal computers with Microsoft operating systems couldn't or didn't download a security patch released in March labeled "critical". By custom, Symantec does not attribute cyber campaigns directly to governments, but its researchers did not dispute the common belief that Lazarus works for North Korea.

Share