North Korean hackers suspected of being behind ransomware
Security experts on May 15 pointed to signs that North Korean hackers were likely behind the recent global ransomware attack.
WannaCry ransomware ransom note provided by security firm Symantec. Photo: Symantec/Reuters
According to AFP news agency, one of the first pieces of evidence was provided by security expert Neel Mehta of Google.
Neel Mehta provided computer code showing similarities between the malware known as WannaCry and another piece of malware that was responsible for a large-scale cyber attack previously blamed on Pyongyang hackers.
Researchers at Russia-based security firm Kaspersky say this is an important clue.
“More research is needed on older versions of the WannaCry malware, which we believe could hold key information to solve some of the mysteries surrounding the attack,” Kaspersky researchers said.
One thing is for sure: Mr. Neel Mehta's discovery is the most important clue to date regarding the origin of the WannaCry malware.
According to Kaspersky, the similarities in the code have led all suspicion to point to Lazarus, a hacker group that many security firms believe to be North Korean.
This is the hacker group believed to be behind the 2014 cyber attack on Sony Pictures.
Lazarus is also suspected of being involved in cyber attacks against the Bangladesh central bank and many other organizations in the global financial system.
According to Kaspersky, the scale of Lazarus's operations is terrifying. Security researchers said: "This organization has been very active since 2001.... Lazarus currently operates a malware factory that creates new types of malware through multiple independent distribution channels."
Along with Kaspersky, according to Reuters news agency, network security company Symantec also said on May 15 that it was looking into clues that the WannaCry malware was related to previous malware attacks by North Korean hackers.
Symantec also found similar code connections, but the company cautioned that it was difficult to draw a conclusion based on this common piece of code.
“While the links are there, so far they are weak,” Symantec said in a statement, according to The Verge. “We are continuing to investigate to find stronger links.”
Israel-based security firm Intezer Labs has expressed support for the hypothesis that North Korea was behind the ransomware attack.
“@IntezerLabs confirms North Korean hackers are responsible for #WannaCry, not just Lazarus Group activity. More information to come,” Intezer Labs CEO Itai Tevet wrote on Twitter.
According to Tuoi Tre