WannaCry Ransomware News Update: Symantec Says 'Strong Links' Present Between Massive Attack and N. Korea Group
Security software company Symantec said there are now "strong links" between the massive WannaCry malware attack and the infamous group of hackers from North Korea called Lazarus.
Meanwhile, Symantec clarifies, "Despite the links to Lazarus, the WannaCry attacks do not bear the hallmarks of a nation-state campaign but are more typical of a cybercrime campaign."
Lazarus has been identified as the perpetrators in some of the biggest cyber heists in the past. The group was linked to the Sony Pictures Entertainment breach in November 2014 and to the hacking of the Society for Worldwide Interbank Telecommunication network that led to an $81 million theft from the Bangladesh Central Bank.
Get Our Latest News for FREE
The comprehensive research by Symantec says there were several codes and malwares seen in machines of WannaCry victims that have been specifically used in past cyberattacks that were attributed to the Lazarus group.
The computer security company explained, "Following the first WannaCry attack in February, three pieces of malware linked to Lazarus were discovered on the victim's network: Trojan.Volgmer and two variants of Backdoor.Destover, the disk-wiping tool used in the Sony Pictures attacks."
Symantec also spotted a malware known as Trojan.Alphanc that was a tool in the spread of WannaCry between March and April. It was later on discovered to be a modified version of another one that Lazarus reportedly used before called Backdoor.Duuzer.
According to the security analysts, WannaCry had similar codes with malware Backdoor.Contopee, which had also been linked to Lazarus before. Another malware named Trojan.Bravonc was reportedly being controlled through the same IP address as Backdoor.Duuzer and Backdoor.Destover — both have been related to Lazarus in the past as well.
The research also adds that the evidence of the first WannaCry attack was spotted in one company back in February. "Within two minutes of the initial infection, more than 100 computers in the organization were infected," Symantec further explained.
WannaCry has reportedly spread to 150 countries, affecting 200,000 computers, which makes security analysts believe that this is one of the most massive cyberattacks in history.
Big corporations and government institutions were not excluded from the attacks. The computer networks of the National Health Services of United Kingdom, FedEx, Nissan plants, major companies in Russia, Chinese universities and more have claimed they were also victimized by the WannaCry hackers.
