WannaCry: The hunt has started. North Korea behind the attack?

After the first shock of WannaCry's global attack, the authorities began hunting for those behind the biggest ransomware attack ever.

"We are searching through huge amounts of data associated with the attack to identify patterns," said Lynne Owens, general manager of the National Crime Agency, the British anti-organized crime group.

The National Crime Agency works alongside international law enforcement partners, including Europol, Interpol and the FBI, to investigate the attacks.

“We are actively exchanging information about this event and are ready to provide technical assistance and assistance as needed to our partners, both in the United States and internationally.”

But the "surprise" in WannaCry's story came from a Google researcher who suggests that the ransomware's authors are from North Korea.

Earlier today, Google researcher Neel Mehta published a Twitter message containing the hashtag #WannaCryptAttribution.

The message compares a WannaCry cryptor sample from February 2017 with a sample from the Lazarus APT group from February 2015, as the people at Kaspersky Lab point out. The commands presented in the tweet represent a unique coding algorithm.

The Lazarus team is a well-known hacker group. They have been linked to the Sony Wiper attack, as well as the Bangladesh bank heist, which left the bank a few million poorer. The group operates from and hundreds of samples of the code they use have been collected. It was revealed that they were creating malicious programs, developing new samples through “multiple independent carriers”.

There are, of course, many questions about the "appearance" of the Lazarus team at this moment. Is it really them, or is it just someone imitating them?

Besides, it would not be so difficult for the WannaCry authors to copy code used by the Lazarus team. Moreover, the current situation with to concentrate their fleet around North Korea, allows for many consensual correlations…

On the other hand, the code seems not to have been removed from the 2015 backdoor code, which makes the story much more credible.

Kaspersky researchers are pretty sure that WannaCry's sample released in February of 2017 was compiled by the same people who are behind the current attack or by people who have access to the same source code.

Other security researchers besides Mehta have noticed the same similarity, such as Matthew Suiche of Comae Technologies, who discovered and stopped a new variant of the malware by activating a different kill switch.

https://twitter.com/msuiche/status/864179805402607623

Now the interesting question is whether the Lazarus team will be recognized by US intelligence. Kaspersky Lab itself presented some evidence only about a month ago, linking the attacks on the banks of Vietnam, the Bangladesh bank, as well as the SWIFT banking system, to the Lazarus group and North Korea.

iGuRu.gr The Best Technology Site in Greece

Written by giorgos
