North Korean hackers suspected of being behind ransomware
Security experts on May 15 pointed to signs that North Korean hackers were likely behind the recent global ransomware attack.
Wannacry ransomware ransom note provided by security firm Symantec. Photo: Symantec/Reuters
According to AFP news agency, one of the first pieces of evidence was provided by security expert Neel Mehta of Google.
Mr. Neel Mehta provided computer code showing similarities between the WannaCry malware and other malware used in an earlier large-scale cyber attack that was attributed to Pyongyang hackers.
Researchers at Russia-based security firm Kaspersky say this is an important clue.
Kaspersky researchers said: “More research is needed on older versions of the Wannacry malware. We believe this could contain key information to solve some of the mysteries surrounding the attack.
One thing is for sure, Mr. Neel Mehta's discovery is the most important clue so far related to the origin of the Wannacry malware.”
According to Kaspersky, the similarities in the code have now focused all suspicion on Lazarus, a hacker group that many security firms believe to be North Korean.
This is the hacker group believed to be behind the 2014 cyber attack on Sony Pictures.
Lazarus is also suspected of being involved in cyber attacks against the Bangladesh central bank and many other organizations in the global financial system.
According to Kaspersky, the scale of Lazarus's operations is terrifying. Security researchers said: "This organization has been very active since 2001... Lazarus currently operates a malware factory that creates new types of malware through many independent distribution channels."
According to Reuters news agency, network security firm Symantec also said on May 15 that it was looking into clues that the Wannacry malware was related to previous malware attacks by North Korean hackers.
Symantec also found similar code connections, but the company cautioned that it was difficult to draw a conclusion based on this common code alone.
The Verge quoted Symantec's statement as saying: "Although the connections are there, so far they only show weak connections. We are continuing to investigate to find stronger connections."
Israel-based security firm Intezer Labs has expressed support for the hypothesis that North Korea was behind the ransomware attack.
“@IntezerLabs confirms North Korean hackers are responsible for #WannaCry, not just Lazarus Group activity. More information to come,” Intezer Labs CEO Itai Tevet wrote on Twitter.
According to Tuoi Tre