Researchers say global cyber attack
similar to North Korean hacks
[May 16, 2017]
By Ju-min Park and Dustin Volz
SEOUL/WASHINGTON (Reuters) - Cybersecurity
researchers have found evidence they say could link North Korea with the
WannaCry cyber attack that has infected more than 300,000 computers
worldwide as global authorities scrambled to prevent hackers from
spreading new versions of the virus.
A researcher from South Korea's Hauri Labs said on Tuesday their own
findings matched those of Symantec (SYMC.O) and Kaspersky Lab, who said
on Monday that some code in an earlier version of the WannaCry software
had also appeared in programs used by the Lazarus Group, identified by
some researchers as a North Korea-run hacking operation.
"It is similar to North Korea's backdoor malicious codes," said Simon Choi, a
senior researcher with Hauri who has done extensive research into North
Korea's hacking capabilities and advises South Korean police and the
National Intelligence Service.
Both Symantec and Kaspersky said it was too early to tell whether North
Korea was involved in the attacks, based on the evidence that was
published on Twitter by Google security researcher Neel Mehta. The
attacks, which slowed on Monday, are among the fastest-spreading
extortion campaigns on record.
Damage in Asia, however, has been limited.
Vietnam's state media said on Tuesday more than 200 computers had been
affected. Taiwan Power Co. (TAIWP.UL) said that nearly 800 of its
computers were affected, although these were used for administration,
not for systems involved in electricity generation.
FireEye Inc (FEYE.O), another large cyber security firm, said it was
also investigating but cautious about drawing a link to North Korea.
"The similarities we see between malware linked to that group and
WannaCry are not unique enough to be strongly suggestive of a common
operator," FireEye researcher John Miller said.
U.S. and European security officials told Reuters on condition of
anonymity that it was too early to say who might be behind the attacks,
but they did not rule out North Korea as a suspect.
The Lazarus hackers, acting for impoverished North Korea, have been more
brazen in their pursuit of financial gain than others, and have been
blamed for the theft of $81 million from the Bangladesh central bank,
according to some cyber security firms. The United States accused it of
being behind a cyber attack on Sony Pictures in 2014.
An official at South Korea's Korea Internet & Security Agency said on
Tuesday the agency was sharing information with intelligence officials
on recent cases reported for damages but was not in a position to
investigate the source of the attack. The official declined to comment
on intelligence-related matters.
A screenshot shows a WannaCry ransomware demand, provided by cyber
security firm Symantec, in Mountain View, California, U.S. May 15,
2017. Courtesy of Symantec/Handout via REUTERS
A South Korean police official who handles investigations into
hacking and cyber breaches said he was aware of reports of a North
Korea link but said the police were not investigating yet.
Victims haven't requested investigations but they want their systems
to be restored, the official said.
North Korea has denied being behind the Sony and banking attacks.
North Korean officials were not immediately available for comment
and its state media has been quiet about the matter.
Hauri researcher Choi said the code bore similarities with those
allegedly used by North Korean hackers in the Sony and bank heists.
He said based on his conversations with North Korean hackers, the
reclusive state had been developing and testing ransomware programs
since August.
In one case, alleged hackers from North Korea demanded bitcoin in
exchange for client information they had stolen from a South Korean
shopping mall, Choi added.
The North Korean mission to the United Nations was not immediately
available for comment on Monday.
While the attacks have raised concerns for cyber authorities and
end-users worldwide, they have helped cybersecurity stocks as
investors bet governments and corporations will spend more to
upgrade their defenses.
Cisco Systems (CSCO.O) closed up 2.3 percent on Monday and was the
second-biggest gainer in the Dow Jones Industrial Average.
Graphic: Cyber security ETF beats broader market -
http://reut.rs/2pPQykk
Graphic: How ransomware attack works, where and when it spread -
http://tmsnrt.rs/2qIXzb8
(Additional reporting by Jess Macy Yu in Taipei, My Pham in Hanoi;
Writing by Jeremy Wagstaff in Singapore; Editing by Sam Holmes and
Michael Perry)
[© 2017 Thomson Reuters. All rights
reserved.]