Clues point to a link between a hacking group connected to North Korea and the ransomware computer attacks that have crippled computer systems worldwide, according to two cyber security firms.
Clues point to a link between a hacking group connected to North Korea and the ransomware computer attacks that have crippled computer systems worldwide, according to two cyber security firms.
Experts at the global cyber-security firm Symantec found that older versions of the ransomware known as WannaCry used tools that also were used against Sony Pictures Entertainment, as well as banks in Bangladesh and Poland — attacks that all were linked to North Korea.
Researchers have singled out an identical code used in older versions of WannaCry and used by the Lazarus Group, a team of hackers tied to North Korea, The Hill reported. The code appears only in older versions of Wanna Cry, researchers said.
The attackers based their tools on vulnerabilities that were stolen from the National Security Agency, The New York Times reported.
Researchers at Google and at Moscow-based Kaspersky Lab also noted the similarities.
In 2014, the United States charged North Korea with attacking computers at Sony in retaliation for the creation of a comedy titled « The Interview » that was about a C. I. A. plot to kill North Korean leader Kim Jong-Un.
Researchers warned that despite the findings, it could it could be months before any definitive link can be proven. « At this time, all we have is a temporal link, » Symantec investigator Eric Chien told the Times . « We want to see more coding similarities … to give us more confidence.’ ’
In a blog post, Kaspersky Lab made reference to a tweet by Google researcher Neel Mehta that noted a similarity between a WannaCry sample from February 2015 and a sample from Lazarus from February 2015.