NSA links Wannacry worm to North Korea

CERT-LatestNews Malware Security News SocialEngineering SymantecNews ThreatsActivists ThreatsCybercrime ThreatsEconomic ThreatsStrategic
Network operations centreImage copyright AFP
Image caption The Wannacry worm struck hundreds of companies and organisations around the world

The Wannacry worm that infected organisations in 150 countries in May has been blamed on North Korea by the US’s National Security Agency (NSA).

The Washington Post said there was “moderate confidence” in the report’s findings, while the spy agency said the worm was meant to boost regime coffers.

Security company Symantec also believes a hacking group linked to North Korea was behind the attack.

But North Korea’s involvement has been disputed by other security firms.

Cashing out

Wannacry victims included more than 60 NHS trusts in the UK as well as Fedex, Renault and Telefonica.

Those hit by the worm were asked to pay a ransom to have their data restored.

The newspaper said the NSA report claims that the worm was created by a hacker group “sponsored” by North Korea’s spy agency – the Reconnaissance General Bureau.

The assessment chimes with conclusions drawn by Symantec which said it was put together by the Lazarus hacker group working on behalf of the regime.

The Washington Post said the evidence gathered in the report was “not conclusive” but strongly suggested North Korea’s involvement.

Image copyright Oli Scarff
Image caption Machines running Windows 7 were hit hardest by Wannacry

However, in late May, intelligence company Flashpoint said its analysis suggested hackers fluent in Chinese were responsible.

In addition, James Scott, a senior fellow at the Institute for Critical Infrastructure Technology, has thrown doubt on links between Lazarus and Pyongyang.

Attempts to tie the two together were “premature and inconclusive”, he wrote.

As a money-making scheme the outbreak failed as, so far, none of the $140,000 (£110,000) in bitcoins raised in ransom payments by victims has been withdrawn.

Security experts believed this is because the transactions will be easy to track, putting law enforcement on the trail of the worm’s creators.

If North Korea was involved in the Wannacry outbreak and other hacking attempts, then it could be the signal that the nation is gearing up for more attacks, John Hultquist, a computer security researcher at FireEye told Reuters.

“It suggests they are preparing for something fairly significant,” he added.