There is one theory on the origin behind the latest WannaCry ransomware cyber attack that has been plaguing the whole world.
The evidence is far from conclusive, but a prominent theory holds that North Korea is behind the orchestration of this large-scale digital heist.
The Lazarus Group is a team of hackers that has worked out of China on behalf of North Korea. They were behind the 2014 attack on Sony Pictures. Another one of their attacks was in 2016 on a Bangladeshi bank. The group's main goal is to help North Korea raise money, and it is funded and protected by North Korea.
Some security experts are meticulously finding evidence that could link this Lazarus Group to this newest attack.
Neel Mehta, a Google security expert, found similarities between the code in WannaCry and other tools that the Lazarus Group has used in attacks in the past.
The text which demands the ransom also reads like something that was translated from Chinese into English using a machine translator. The Chinese segment is obviously written by a native speaker. All this evidence is circumstantial, but once added up, it points a big finger in a very suspicious direction.
“Neel Mehta’s discovery is the most significant clue to date regarding the origins of WannaCry,” said Russian security firm Kaspersky, but noted a lot more information is needed about earlier versions of WannaCry before any firm conclusion can be reached.
“We believe it’s important that other researchers around the world investigate these similarities and attempt to discover more facts about the origin of WannaCry,” the company added.
“Looking back to the Bangladesh attack, in the early days, there were very few facts linking them to the Lazarus Group.
“In time, more evidence appeared and allowed us, and others, to link them together with high confidence. Further research can be crucial to connecting the dots.”
Attributing cyber-attacks can be notoriously difficult – often relying on consensus rather than confirmation.
For example, North Korea has never admitted any involvement in the Sony Pictures hack – and while security researchers, and the US government, have confidence in the theory, neither can rule out the possibility of a false flag. Skilled hackers may have simply made it look like it had origins in North Korea by using similar techniques.