Researchers see possible N Korea link to global cyber attack

Updated on: May 16, 2017

Symantec and Kaspersky Lab said that some code in an earlier version of the WannaCry had also appeared in programs used by the Lazarus Group

Is there a connection between WannaCry and the notorious Lazarus Group, which had shocked the world earlier with the scale of its cyber crimes? Many in the industry, especially security researchers, believe there could be a strong link between the two.

For instance, Neel Mehta, a researcher at Google, posted a Twitter message on Tuesday pointing to similarities between a WannaCry sample from February 2017 and a Lazarus Group sample from February 2015.

He also shared a screenshot of both samples and pointed out the code similarity between the two.

Lazarus Group is believed to be a cyber crime group of two individuals, and researchers accuse them of being behind many of the large cyber crimes of the last decade. The earliest attack attributed to the Group was ‘Operation Flame’ in 2007, which used first-generation malware against the South Korean government.

It is alleged that the group was behind the February 2016 attempt to steal $851 million from Bangladesh Bank, of which $81 million was actually stolen. The group is also believed to be behind other attacks such as ‘Operation 1Mission’, ‘Operation Troy’ and ‘DarkSeoul’.

GReAT, Kaspersky Lab's Global Research & Analysis Team, believes that Neel Mehta’s discovery is the “most significant” clue to date regarding the origins of WannaCry.

“For now, more research is required into older versions of WannaCry. We believe this might hold the key to solving some of the mysteries around this attack,” GReAT said.

“Lazarus Group’s internet protocols are originating from North Korea. We have not been able to identify the people behind it, and we also don’t know how many people are in the group. These are the cyber criminal threat actors behind many targeted attacks,” Althaf Halde, Managing Director at Russian cyber security firm Kaspersky Lab (South Asia), told BusinessLine.

When contacted, Quick Heal said “immediate data” linking the two was not available, but the cyber security firm was “investigating” possible links.

Cloud not affected

The industry is of the opinion that many firms with their software and processes on the cloud were not impacted.

“To some extent this is correct, as most of the operating systems on the cloud are on Linux and other OS, not Windows. For Windows OS, patches were available in March itself for Windows 7 and Windows 7, while for XP it was available last month,” Sanjay Katkar, MD and CTO, Quick Heal Technologies Ltd, said.

Published on January 11, 2018
