tiptrot.com June 26, 2017


Symantec says 'highly likely' North Korean hacking group behind ransomware attacks (SYMC)

24 May 2017, 04:04 | Gerardo Harmon

North Korea Denies Involvement in WannaCry Ransomware Outbreak

Symantec increasingly confident WannaCry linked to North Korea

While security researchers at Symantec have followed the digital crumbs to conclude that Lazarus and North Korea are likely responsible for the WannaCry ransomware attack, security analysts at ICIT are of a different opinion.

Now researchers at United States security firm Symantec have said there is evidence of a connection between this particular attack and previous hacks carried out by the "Lazarus Group" - a cyber criminal group with links to Kim Jong-un's regime.

Security firm Symantec now says it is "highly likely" that Lazarus is to blame, having unearthed further evidence of the re-use of code from other attacks by the group.

The cyberattack that infected hundreds of thousands of computers worldwide was "highly likely" to have originated with Lazarus, a hacking group linked to the reclusive state, Symantec said.

Unlike most other APTs, North Korea's state security apparatus is often alleged to seek to generate money by hacking foreign nations, as it also controls the manufacture and distribution of methamphetamine in the country. That attack on Sony was linked to Lazarus. Destover was the disk-wiping tool used in this attack, the same tool used in the Sony Pictures attacks.

The Shadow Brokers, the group that stole the Microsoft exploit from the US National Security Agency and leaked it online, endorsed the North Korea theory. This earlier version was nearly identical to the version used in May 2017, the only difference being the method of propagation. The US government and private companies have accused North Korea in the 2014 Sony attack.

Researchers in the US, Russia and Israel have also pointed to a potential North Korean link - but it is notoriously hard to attribute cyber attacks.


The Lazarus group could be responsible for initiating the attack and it could be that other hackers are too, but the main concern here is the security of our internet connected devices.

The intelligence community will probably take away from this that there is a possibility of splinters in the Lazarus Group or members who are interested in filling their own pockets, and that could help.

Experts monitoring violations of sanctions on North Korea for the United Nations were reportedly hit with a "sustained" cyberattack by unknown hackers earlier this month.

Beau Woods, deputy director of the Cyber Statecraft Initiative at the Atlantic Council, said that the Korean language used in some versions of the WannaCry ransom note was not that of a native speaker, making a Lazarus connection unlikely.

Cyberattacks backed by governments "are usually impeccable, they don't make rookie mistakes", said Thakur. It is also possible that the writer in question was a contractor in another country, he said. The hacking group is also blamed for theft from the Bangladeshi central bank a year ago.

The code that WannaCry shares is a backdoor trojan known as Contopee.

The small number of Bitcoin wallets used by the first version of WannaCry, and its limited spread, indicate that this was not a tool that was shared across cyber crime groups.


