Cybersecurity researchers have found evidence they say could link North Korea with the “WannaCry” cyber attack that has infected more than 300,000 computers worldwide. A researcher from South Korea’s Hauri Labs said on Tuesday their own findings matched those of Symantec (SYMC.O) and Kaspersky Lab, who said on Monday that some code in an earlier version of the WannaCry software had also appeared in programmes used by the Lazarus Group. The group was identified by some researchers as a North Korea-run hacking operation.
“It is similar to North Korea’s backdoor malicious codes,” Simon Choi, a senior researcher with Hauri, who has done extensive research into North Korea’s hacking capabilities and advises South Korean police and National Intelligence Service. Both Symantec and Kaspersky said it was too early to tell whether North Korea was involved in the attacks, based on the evidence that was published on Twitter by Google security researcher Neel Mehta.
The attacks, which slowed on Monday, are among the fastest-spreading extortion campaigns on record. Damage in Asia, however, has been limited. Vietnam’s state media on Tuesday said more than 200 computers had been affected. Taiwan Power Co. TAIWP.UL said that nearly 800 of its computers were affected, although these were used for administration, not for systems involved in electricity generation. FireEye Inc (FEYE.O), another large cyber security firm, said it was also investigating but cautious about drawing a link to North Korea.
(Vanguard)