Symantec and FireEye have linked the recent WannaCry ransomware attacks to North Korea:
Cybersecurity researchers at Symantec Corp. and FireEye Inc. have uncovered more evidence tying this month's WannaCry global ransomware attacks to North Korea.
The cyberattack that infected hundreds of thousands of computers worldwide was "highly likely" to have originated with Lazarus, a hacking group linked to the reclusive state, Symantec said. The software used was virtually identical to versions employed in attacks earlier this year attributed to the same agency, the company said in a report late Monday. FireEye on Tuesday agreed WannaCry shared unique code with malware previously linked to North Korea. "The shared code likely means that, at a minimum, WannaCry operators share software development resources with North Korean espionage operators," Ben Read, a FireEye analyst, said in an emailed statement.
[...] The initial attack was stifled when a security researcher disabled a key mechanism used by the worm to spread, but experts said the hackers were likely to mount a second attack because so many users of personal computers with Microsoft operating systems couldn't or didn't download a security patch released in March labeled "critical."
Also at NYT, Reuters, Ars Technica, and The Hill. Symantec blog (appears scriptwalled).
Here's a screenshot of Wana Decrypt0r 2.0. Note the Wikipedia licensing section.
Previously: Security In 2017: Ransomware Will Remain King
"Biggest Ransomware Attack in History" Hits Around 100 Countries, Disrupts UK's NHS
WannaCrypt Ransomware Variant -- Lacking Kill Switch -- Seen in Wild [Updated]
Decryption Utility for WannaCry is Released
(Score: 0) by Anonymous Coward on Wednesday May 24 2017, @04:09AM (2 children)
I'm surprised there's not more scrutiny over this sort of incredibly lazy security "analysis" here. False attribution is a regular part of any sort of digital criminal activity. What these "analysts" and the 'it's the Russkies!' crew before them are doing fundamentally comes down to: "He said 'It was the best of times, it was the worst of times, it was the age of wisdom, it was the age of foolishness, it was the epoch of belief, it was the epoch of incredulity...', therefore it must be Charles Dickens." Oh... he's dead? Oh dear... Well, I guess it's POSSIBLE somebody else might have somehow gotten access to his words. Seriously, it's like all you have to do is keep some string values in Korean and that's enough for these "security experts" to brilliantly declare it must be North Korea.
There's also this constant self-contradiction that nobody seems to pick up on. On the one hand the software is often described as sophisticated, clearly indicative of a state-level entity. And then you have things like them storing a 'kill switch' domain name in plain text in this case, or similarly completely amateur issues in former malware or hacks attributed to state-level entities.
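A constructed illustration of the "kill switch domain in plain text" point made above. This is an added example, not code from the original post or from any published WannaCry analysis: it runs a minimal `strings`-style extractor over a made-up byte blob (not the real sample; the hostname is a placeholder in the reserved `.invalid` TLD, and the imported-API name is there only as a realistic-looking neighbour) and then filters the recovered strings for anything that looks like a hostname. The point it demonstrates is that an unobfuscated hostname falls straight out of a binary with no reverse engineering at all, which is why a researcher could register such a domain within hours.

```python
import re
import string

# Constructed sample "binary" (NOT the WannaCry executable): a couple of
# header-like bytes, a NUL-terminated URL, some junk, an API name, a string
# too short to keep, and a product string. Hostname is a placeholder.
SAMPLE_BLOB = (
    b"\x4d\x5a\x90\x00\x03\x00\x00\x00"
    + b"http://kill-switch-placeholder.invalid\x00"
    + b"\x01\x02\x03\x7f"
    + b"InternetOpenUrlA\x00"
    + b"\xff\xfe"
    + b"msg\x00"                      # shorter than MIN_LEN, dropped
    + b"Microsoft Windows\x00"
)

MIN_LEN = 5
# Printable ASCII minus vertical whitespace; same idea as `strings -n 5`.
_PRINTABLE = set(string.printable.encode()) - set(b"\t\n\r\x0b\x0c")


def extract_strings(blob: bytes, min_len: int = MIN_LEN) -> list[str]:
    """Return every run of at least `min_len` printable ASCII bytes in `blob`."""
    found, run = [], bytearray()
    for byte in blob:
        if byte in _PRINTABLE:
            run.append(byte)
            continue
        if len(run) >= min_len:
            found.append(run.decode("ascii"))
        run = bytearray()
    if len(run) >= min_len:          # flush a run that ends at EOF
        found.append(run.decode("ascii"))
    return found


# Optional scheme, then label(.label)+ followed by an alphabetic TLD.
_HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


def find_hostnames(strings_found: list[str]) -> list[str]:
    """Pick out the strings that look like hostnames or URLs."""
    hosts = []
    for s in strings_found:
        for m in _HOST_RE.finditer(s):
            hosts.append(m.group(1).lower())
    return hosts


def candidate_kill_switch_domains(blob: bytes) -> list[str]:
    """End-to-end: raw bytes in, lower-cased hostname candidates out."""
    return find_hostnames(extract_strings(blob))


if __name__ == "__main__":
    for host in candidate_kill_switch_domains(SAMPLE_BLOB):
        print("plaintext hostname found:", host)
```

On a real sample you would feed the file bytes in instead of `SAMPLE_BLOB`; the candidates it prints are exactly the strings a defender checks for registration or sinkholing. A hostname that is XOR-encoded, built at runtime from fragments, or generated by a DGA would not show up here, which is the contrast the comment is drawing.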
(Score: 0) by Anonymous Coward on Wednesday May 24 2017, @04:17AM (1 child)
Reminds me of CNN's "security analyst" discussing "Who is this hacker known as 4chan?" [youtube.com]: "He may have been just a systems administrator who knew his way around and how to hack things."
(Score: 0) by Anonymous Coward on Wednesday May 24 2017, @06:16PM
It's still unbelievable to me that these organizations tried to push a "fake news" meme.