tiptrot.com June 23, 2018

Symantec says 'highly likely' North Korean hacking group behind ransomware attacks (SYMC)

24 May 2017, 04:04 | Gerardo Harmon

While security researchers at Symantec have followed the digital crumbs to conclude that Lazarus and North Korea are likely responsible for the WannaCry ransomware attack, security analysts at ICIT are of a different opinion.

Now researchers at United States security firm Symantec have said there is evidence of a connection between this particular attack and previous hacks carried out by the "Lazarus Group" - a cyber criminal group with links to Kim Jong-un's regime.

Security firm Symantec now says it is "highly likely" that Lazarus is to blame, having unearthed further evidence of the re-use of code from other attacks by the group.

The cyberattack that infected hundreds of thousands of computers worldwide was "highly likely" to have originated with Lazarus, a hacking group linked to the reclusive state, Symantec said.

Unlike most other APTs, North Korea's state security apparatus is often alleged to seek to generate money by hacking foreign nations, as it also controls the manufacture and distribution of methamphetamine in the country. That attack on Sony was linked to Lazarus. Destover was the disk-wiping tool used in this attack, the same tool used in the Sony Pictures attacks.

The Shadow Brokers, the group that stole the Microsoft exploit from the US National Security Agency and leaked it online, endorsed the North Korea theory. This earlier version was nearly identical to the version used in May 2017, the only difference being the method of propagation. The US government and private companies have accused North Korea in the 2014 Sony attack.

Researchers in the US, Russia and Israel have also pointed to a potential North Korean link - but it is notoriously hard to attribute cyber attacks.

The Lazarus group could be responsible for initiating the attack, and it could be that other hackers are too, but the main concern here is the security of our internet-connected devices.

The intelligence community will probably take away from this that there is a possibility of splinters in the Lazarus Group or members who are interested in filling their own pockets, and that could help.

Experts monitoring violations of sanctions on North Korea for the United Nations were reportedly hit with a "sustained" cyberattack by unknown hackers earlier this month.

Beau Woods, deputy director of the Cyber Statecraft Initiative at the Atlantic Council, said that the Korean language used in some versions of the WannaCry ransom note was not that of a native speaker, making a Lazarus connection unlikely.

Cyberattacks backed by governments "are usually impeccable, they don't make rookie mistakes", said Thakur. It is also possible that the writer in question was a contractor in another country, he said. The hacking group has also been blamed for theft from the Bangladeshi central bank a year ago.

The code that WannaCry shares is a backdoor trojan known as Contopee.

The small number of Bitcoin wallets used by the first version of WannaCry, and its limited spread, indicate that this was not a tool that was shared across cyber crime groups.
