tiptrot.com October 17, 2017

Symantec says 'highly likely' North Korean hacking group behind ransomware attacks (SYMC)

24 May 2017, 04:04 | Gerardo Harmon

While security researchers at Symantec have followed the digital crumbs to conclude that Lazarus and North Korea are likely responsible for the WannaCry ransomware attack, security analysts at ICIT are of a different opinion.

Now researchers at United States security firm Symantec have said there is evidence of a connection between this particular attack and previous hacks carried out by the "Lazarus Group" - a cyber criminal group with links to Kim Jong-un's regime.

Security firm Symantec now says it is "highly likely" that Lazarus is to blame, having unearthed further evidence of the re-use of code from other attacks by the group.

The cyberattack that infected hundreds of thousands of computers worldwide was "highly likely" to have originated with Lazarus, a hacking group linked to the reclusive state, Symantec said.

Unlike most other APTs, North Korea's state security apparatus is often alleged to seek to generate money by hacking foreign nations, as it also controls the manufacture and distribution of methamphetamine in the country. That attack on Sony was linked to Lazarus. Destover was the disk-wiping tool used in this attack, the same tool used in the Sony Pictures attacks.

The Shadow Brokers, the group that stole the Microsoft exploit from the US National Security Agency and leaked it online, endorsed the North Korea theory. This earlier version was nearly identical to the version used in May 2017, with the only difference being the method of propagation. The US government and private companies have accused North Korea in the 2014 Sony attack.

Researchers in the US, Russia and Israel have also pointed to a potential North Korean link - but it is notoriously hard to attribute cyber attacks.

The Lazarus group could be responsible for initiating the attack and it could be that other hackers are too, but the main concern here is the security of our internet-connected devices.

The intelligence community will probably take away from this that there is a possibility of splinters in the Lazarus Group or members who are interested in filling their own pockets, and that could help.

Experts monitoring violations of sanctions on North Korea for the United Nations were reportedly hit with a "sustained" cyberattack by unknown hackers earlier this month.

Beau Woods, deputy director of the Cyber Statecraft Initiative at the Atlantic Council, said that the Korean language used in some versions of the WannaCry ransom note was not that of a native speaker, making a Lazarus connection unlikely.

Cyberattacks backed by governments "are usually impeccable, they don't make rookie mistakes", said Thakur. It is also possible that the writer in question was a contractor in another country, he said. The hacking group is also blamed for theft from the Bangladeshi central bank a year ago.

The code that WannaCry shares is a backdoor trojan known as Contopee.

The small number of Bitcoin wallets used by the first version of WannaCry, and its limited spread, indicate that this was not a tool that was shared across cyber crime groups.
