WanaCrypt Linked to North Korea
Posted by: Timothy Weaver on 05/16/2017 03:24 PM
Is the Lazarus Group behind the WanaCrypt ransomware?
Analysis of the code appears to link it to the hacking group. Symantec researchers found hacking tools that are "exclusively used by Lazarus".
Google security researcher Neel Mehta tweeted two excerpts of WannaCry code which Symantec also found on known Lazarus malware tools. Those pieces of malware include the backdoor trojan Contopee and the Brambul worm.
Symantec went on to say that the code is an SSL attack that "uses a specific sequence of 75 ciphers, which to date have only been seen across Lazarus tools and WannaCry variants."
Kaspersky Lab says: "Neel Mehta's discovery is the most significant clue to date regarding the origins of Wannacry."
Matthieu Suiche, founder of Comae Technologies, praised Mehta's discovery: "The attribution to Lazarus Group would make sense regarding their narrative, which in the past was dominated by infiltrating financial institutions in the goal of stealing money," Suiche states in his blog. "If validated, this means the latest iteration of WannaCry would in fact be the first [known] nation-state powered ransomware."
The Lazarus Group is linked to North Korea.
"We believe Lazarus is not just 'yet another APT actor,'" Kaspersky warns in its blog. "The scale of the Lazarus operations is shocking... Lazarus is operating a malware factory that produces new samples via multiple independent conveyors."
Source: SCMagazine
