Published: Tue, May 23, 2017
Worldwide | By Gretchen Simon

Hackers threaten to release more code


And South Korea had accused the North of attempting to breach the cybersecurity of its banks, broadcasters and power plants on numerous occasions.

A Centre for Strategic and International Studies report in August highlighted that North Korea operated a cyber warfare unit of 3000 elite hackers called Unit or Bureau 121, which has broken into systems and spread viruses.

Cybersecurity researchers said this week that the massive "WannaCry" virus that has infected computers around the globe was developed using some of the same code used in the 2014 hack of Sony Pictures, raising the possibility that the hackers may have a connection to North Korea.

The same experts believe the attack was orchestrated by the so-called Lazarus organization, which in the past used the same malware against Sony Pictures. In 2015, they reportedly pulled off an $81 million heist on a Bangladeshi bank and in February pulled off a similar attack in Poland.

Mehta is referring to the two code samples here, but he doesn't go any further.

Pyongyang is also suspected of turning 60,000 computers in South Korea into "zombies", or computers that have been compromised by hackers and can then be used for cyberattacks. Another researcher, Comae Technologies' Matthieu Suiche, corroborated the findings.

In the case of WannaCry, it is possible that hackers simply copied code from earlier attacks by the Lazarus Group.

The link isn't definite. "But these indicators are not enough to definitively say it's Lazarus at all", said Symantec Researcher Eric Chien.

"For now, more research is required into older versions of WannaCry". And both said this could all be a "false flag" created to mislead law enforcement trying to track down the culprits. "It requires a certain level of social interaction and file storage, outside of those with other hacking groups, that DPRK hackers and cyberwar units would not engage".

"Previous ransomwares required people to click an attachment in an email or access a specific website to get infected, but this time [computers] can be infected without getting an email or access to a website, just by connecting an Internet cable", said Choi. PSA Group, Fiat Chrysler, Volkswagen, Daimler, Toyota and Honda said their plants were unaffected. In addition, we found code in WannaCry used in SSL routines that historically was unique to Lazarus tools.

WannaCry has been characterized as a sloppy attack with poor money handling on the ransom end, putting a nearly absurdly small sum in the hackers' Bitcoin account compared to the scale of global havoc they have inflicted.

The United States likely avoided greater harm as the attack targeted older versions of Microsoft Corp's (MSFT.O) Windows operating system, and more U.S. users have licensed, up-to-date, patched versions of the software, compared to other regions of the world.
