 "Wannacry aftershocks: Ransomware attack has traces of N Korean hack")
Cybersecurity researchers have found evidence they say could link North Korea with the WannaCry cyber attack that has infected more than 300,000 computers worldwide as global authorities scrambled to prevent hackers from spreading new versions of the virus.
A researcher from South Korea's Hauri Labs said on Tuesday their own findings matched those of Symantec and Kaspersky Lab, who said on Monday that some code in an earlier version of the WannaCry software had also appeared in programmes used by the Lazarus Group, identified by some researchers as a North Korea-run hacking operation.
"It is similar to North Korea's backdoor malicious codes," Simon Choi, a senior researcher with Hauri who has done extensive research into North Korea's hacking capabilities and advises South Korean police and National Intelligence Service.
Both Symantec and Kaspersky said it was too early to tell whether North Korea was involved in the attacks, based on the evidence that was published on Twitter by Google security researcher Neel Mehta. The attacks, which slowed on Monday, are among the fastest-spreading extortion campaigns on record.
Damage in Asia, however, has been limited.
Vietnam's state media said on Tuesday more than 200 computers had been affected. Taiwan Power Co. said that nearly 800 of its computers were affected, although these were used for administration, not for systems involved in electricity generation.
FireEye Inc, another large cyber security firm, said it was also investigating but cautious about drawing a link to North Korea.
"The similarities we see between malware linked to that group and WannaCry are not unique enough to be strongly suggestive of a common operator," FireEye researcher John Miller said.
US and European security officials told Reuters on condition of anonymity that it was too early to say who might be behind the attacks, but they did not rule out North Korea as a suspect.
The Lazarus hackers, acting for impoverished North Korea, have been more brazen in their pursuit of financial gain than others, and have been blamed for the theft of $81 million from the Bangladesh central bank, according to some cyber security firms. The United States accused it of being behind a cyber attack on Sony Pictures in 2014.
An official at South Korea's Korea Internet & Security Agency said on Tuesday the agency was sharing information with intelligence officials on recent cases reported for damages but was not in position to investigate the source of the attack. The official declined to comment on intelligence-related matters.
A South Korean police official that handles investigations into hacking and cyber breaches said he was aware of reports on North Korea link but said the police were not investigating yet.
Victims haven't requested investigations but they want their systems to be restored, the official said.
North Korea has denied being behind the Sony and banking attacks. North Korean officials were not immediately available for comment and its state media has been quiet about the matter.
Hauri researcher Choi said the code bore similarities with those allegedly used by North Korean hackers in the Sony and bank heists. He said based on his conversations with North Korean hackers, the reclusive state had been developing and testing ransomware programmes since August.
In one case, alleged hackers from North Korea demanded bitcoin in exchange for client information they had stolen from a South Korean shopping mall, Choi added.
The North Korean mission to the United Nations was not immediately available for comment on Monday.
While the attacks have raised concerns for cyber authorities and end-users worldwide, they have helped cybersecurity stocks as investors bet governments and corporations will spend more to upgrade their defenses.
Cisco Systems (CSCO.O) closed up 2.3 percent on Monday and was the second-biggest gainer in the Dow Jones Industrial Average.
A researcher from South Korea's Hauri Labs said on Tuesday their own findings matched those of Symantec and Kaspersky Lab, who said on Monday that some code in an earlier version of the WannaCry software had also appeared in programmes used by the Lazarus Group, identified by some researchers as a North Korea-run hacking operation.
"It is similar to North Korea's backdoor malicious codes," Simon Choi, a senior researcher with Hauri who has done extensive research into North Korea's hacking capabilities and advises South Korean police and National Intelligence Service.
Both Symantec and Kaspersky said it was too early to tell whether North Korea was involved in the attacks, based on the evidence that was published on Twitter by Google security researcher Neel Mehta. The attacks, which slowed on Monday, are among the fastest-spreading extortion campaigns on record.
Damage in Asia, however, has been limited.
Vietnam's state media said on Tuesday more than 200 computers had been affected. Taiwan Power Co. said that nearly 800 of its computers were affected, although these were used for administration, not for systems involved in electricity generation.
FireEye Inc, another large cyber security firm, said it was also investigating but cautious about drawing a link to North Korea.
"The similarities we see between malware linked to that group and WannaCry are not unique enough to be strongly suggestive of a common operator," FireEye researcher John Miller said.
US and European security officials told Reuters on condition of anonymity that it was too early to say who might be behind the attacks, but they did not rule out North Korea as a suspect.
The Lazarus hackers, acting for impoverished North Korea, have been more brazen in their pursuit of financial gain than others, and have been blamed for the theft of $81 million from the Bangladesh central bank, according to some cyber security firms. The United States accused it of being behind a cyber attack on Sony Pictures in 2014.
An official at South Korea's Korea Internet & Security Agency said on Tuesday the agency was sharing information with intelligence officials on recent cases reported for damages but was not in position to investigate the source of the attack. The official declined to comment on intelligence-related matters.
A South Korean police official that handles investigations into hacking and cyber breaches said he was aware of reports on North Korea link but said the police were not investigating yet.
Victims haven't requested investigations but they want their systems to be restored, the official said.
North Korea has denied being behind the Sony and banking attacks. North Korean officials were not immediately available for comment and its state media has been quiet about the matter.
Hauri researcher Choi said the code bore similarities with those allegedly used by North Korean hackers in the Sony and bank heists. He said based on his conversations with North Korean hackers, the reclusive state had been developing and testing ransomware programmes since August.
In one case, alleged hackers from North Korea demanded bitcoin in exchange for client information they had stolen from a South Korean shopping mall, Choi added.
The North Korean mission to the United Nations was not immediately available for comment on Monday.
While the attacks have raised concerns for cyber authorities and end-users worldwide, they have helped cybersecurity stocks as investors bet governments and corporations will spend more to upgrade their defenses.
Cisco Systems (CSCO.O) closed up 2.3 percent on Monday and was the second-biggest gainer in the Dow Jones Industrial Average.
One subscription. Two world-class reads.
Already subscribed? Log in
Subscribe to read the full story →*Subscribe to Business Standard digital and get complimentary access to The New York Times
Smart Quarterly
₹900
3 Months
₹300/Month
SAVE 25%
Smart Essential
₹2,700
1 Year
₹225/Month
SAVE 46%
*Complimentary New York Times access for the 2nd year will be given after 12 months
Super Saver
₹3,900
2 Years
₹162/Month
Subscribe
Renews automatically, cancel anytime
Here’s what’s included in our digital subscription plans
Exclusive premium stories online
Over 30 premium stories daily, handpicked by our editors
Complimentary Access to The New York Times
News, Games, Cooking, Audio, Wirecutter & The Athletic
Business Standard Epaper
Digital replica of our daily newspaper — with options to read, save, and share
Curated Newsletters
Insights on markets, finance, politics, tech, and more delivered to your inbox
Market Analysis & Investment Insights
In-depth market analysis & insights with access to The Smart Investor
Archives
Repository of articles and publications dating back to 1997
Ad-free Reading
Uninterrupted reading experience with no advertisements
Seamless Access Across All Devices
Access Business Standard across devices — mobile, tablet, or PC, via web or app
SAVE 25%