Cybersecurity researchers at Symantec say they’ve found linkes between the WannaCry Ransomware attackers was likely carried out by a hacking group with ties to North Korea.
Cybersecurity researchers at Symantec say they’ve found linkes between the WannaCry Ransomware attackers was likely carried out by a hacking group with ties to North Korea.
In a blog post, Symantec said the “Tools and infrastructure used in the WannaCry ransomware attacks have strong links to Lazarus, the group that was responsible for the destructive attacks on Sony Pictures and the theft of $81 million from the Bangladesh Central Bank.”
Here’s a summary of links provided by Symantec:
Following the first WannaCry attack in February, three pieces of malware linked to Lazarus were discovered on the victim’s network: Trojan. Volgmer and two variants of Backdoor. Destover, the disk-wiping tool used in the Sony Pictures attacks.
Trojan. Alphanc, which was used to spread WannaCry in the March and April attacks, is a modified version of Backdoor. Duuzer, which has previously been linked to Lazarus.
Trojan. Bravonc used the same IP addresses for command and control as Backdoor.