Skip to content
Search

Latest Stories

Google researcher links ransomware attack to North Korea

An security researcher with Google has found evidence suggesting that North Korean hackers may have carried out the "unprecedented" ransomware cyberattack that hit over 150 countries, including India.

Neel Mehta has published a code which a Russian security firm has termed as the "most significant clue to date", the BBC reported today.


The code, published on Twitter, is exclusive to North Korean hackers, researchers said.

Researchers have said that some of the code used in Friday's ransomware, known as WannaCry software, was nearly identical to the code used by the Lazarus Group, a group of North Korean hackers who used a similar version for the devastating hack of Sony Pictures Entertainment in 2014 and the last years hack of Bangladesh Central Bank.

Security experts are now cautiously linking the Lazarus Group to this latest attack after the discovery by Mehta.

Mehta has found similarities between code found within WannaCry and other tools believed to have been created by the Lazarus Group in the past, BBC reported.

Security expert Prof Alan Woodward said that time stamps within the original WannaCry code are set to UTC +9 - China's time zone - and the text demanding the ransom uses what reads like machine-translated English, but a Chinese segment apparently written by a native speaker, the report said.

"As you can see it is pretty thin and all circumstantial. However, it is worth further investigation," Woodward said.

"Neel Mehta's discovery is the most significant clue to date regarding the origins of WannaCry," said Russian security firm Kaspersky, but noted a lot more information is needed about earlier versions of WannaCry before any firm conclusion can be reached, it reported.

"We believe it is important that other researchers around the world investigate these similarities and attempt to discover more facts about the origin of WannaCry," it said.

Attributing cyberattacks can be notoriously difficult - often relying on consensus rather than confirmation, the report said.

North Korea has never admitted any involvement in the Sony Pictures hack - and while security researchers, and the US government, have confidence in the theory, neither can rule out the possibility of a false flag, it said.

Skilled hackers may have simply made it look like it had origins in North Korea by using similar techniques.

In the case of WannaCry, it is possible that hackers simply copied code from earlier attacks by the Lazarus Group.

"There's a lot of ifs in there. It wouldn't stand up in court as it is. But its worth looking deeper, being conscious of confirmation bias now that North Korea has been identified as a possibility," Woodward said.

Its the strongest theory yet as to the origin of WannaCry, but there are also details that arguably point away from it being the work of North Korea.

First, China was among the countries worst hit, and not accidentally - the hackers made sure there was a version of the ransom note written in Chinese. It seems unlikely North Korea would want to antagonise its strongest ally. Russia too was badly affected, the report said.

Second, North Korean cyber-attacks have typically been far more targeted, often with a political goal in mind.

In the case of Sony Pictures, hackers sought to prevent the release of The Interview, a film that mocked North Korean leader Kim Jong-Un. WannaCry, in contrast, was wildly indiscriminate - it would infect anything and everything it could, the report said.

Finally, if the plan was simply to make money, its been pretty unsuccessful on that front too - only around $60,000 has been paid in ransoms, according to analysis of Bitcoin accounts being used by the criminals.

With more than 200,000 machines infected, its a terrible return, the report said.

On Friday, Europol Director Rob Wainwright said: "The global reach is unprecedented. The latest count is over 200,000 victims in at least 150 countries and those victims many of those will be businesses including large corporations".

The most disruptive attacks were reported in the UK, where hospitals and clinics were forced to turn away patients after losing access to computers.

More For You

Streeting hails India’s global role as Labour backs bilateral relations

Wes Streeting addresses the Republic Day reception at the Guildhall in London last Tuesday (28),joined by Sir Lindsay Hoyle and Vikram Doraiswami

Streeting hails India’s global role as Labour backs bilateral relations

WES STREETING spoke of the priority prime minister Sir Keir Starmer and the Labour government attach to relations with India when he addressed a Republic Day reception at the Guildhall in London last Tuesday (28).

But the secretary of state for health and social care won over the large Indian crowd by paying an unexpected tribute to Rishi Sunak.

Keep ReadingShow less
Sri Lanka seeks to negotiate with Adani over renewable energy plants

Gautam Adani

Sri Lanka seeks to negotiate with Adani over renewable energy plants

SRI LANKA’S government started talks with India’s Adani Group to lower the cost of power from two wind power projects the group will build in the island nation’s northern province, the cabinet spokesman said last Tuesday (28).

Sri Lanka has been reviewing the group’s local projects after US authorities in November accused billionaire founder Gautam Adani and other executives of being part of a scheme to pay bribes to secure Indian power supply contracts. Adani has denied the allegations.

Keep ReadingShow less
Badenoch proposes stricter citizenship rules for all migrants

Kemi Badenoch delivers speech on January 16, 2025 in London, England. (Photo by Dan Kitwood/Getty Images)

Badenoch proposes stricter citizenship rules for all migrants

CONSERVATIVE PARTY on Thursday (6) proposed a clampdown on all migrants by tightening citizenship rules and barring social benefit claimants from residency rights.

Kemi Badenoch, who took over from Rishi Sunak in November last year, outlined her first major policy agenda as Tory leader in a move seen as an attempt to win back the support of Conservative voters drawn to the far-right anti-immigrant Reform party.

Keep ReadingShow less
New body led by Sir Sajid Javid aims to amplify ‘unheard’ voices
Sajid Javid

New body led by Sir Sajid Javid aims to amplify ‘unheard’ voices

A NEW independent commission to improve cohesion would engage across all nations and regions of the UK by moving beyond Westminster-centric discussions and include more diverse voices, the director of British Future thinktank has said.

Sunder Katwala said building confidence across different groups will be a priority, as economic pressures and tensions due to Middle East conflict have polarised communities in the UK.

Keep ReadingShow less
Pakistan court gives unusual punishment to Youtuber Rajab Butt for owning lion cub

Pakistani zookeeper Mohammad Amir holds the confiscated lion cub at Lahore’s safari zoo last Tuesday (28)

Pakistan court gives unusual punishment to Youtuber Rajab Butt for owning lion cub

A PAKISTANI YouTube star who was gifted a lion cub on his wedding day avoided jail after promising a judge to upload animal rights videos for a year.

Rajab Butt has one of the largest online followings in south Asia, and his week-long nuptials in December were plastered over celebrity gossip websites.

Keep ReadingShow less