Security officials in the U.S. and Britain reportedly now believe that North Korean hackers likely conducted the unprecedented WannaCry cyberattack that crippled millions of computer systems around the world last month.
The United Kingdom’s National Cyber Security Centre (NCSC) recently linked last month’s wide-scale WannaCry ransomware infection to the Lazarus Group, a hacking outfit credited with waging several recent high-profile cyberattacks attributed to North Korea, BBC reported Friday, citing unnamed security sources.
The center’s American counterpart, the National Security Agency, separately concluded with “moderate confidence” that the Lazarus Group unleashed WannaCry last month, U.S. intelligence officials told The Washington Post earlier this week.
The NCSC said it could neither confirm nor deny the BBC’s claims, according to The Guardian. The NSA declined to comment, the Post previously reported.
WannaCry infected computer systems in roughly 150 countries within days of being unleashed last month, crippling a wide range of victims including Russia’s central bank as well as Britain’s public-health bureaucracy, the National Health Service (NHS). A total of 48 of the 248 NHS trusts were ultimately impacted by WannaCry after the ransomware worm wiggled its way through X-ray machines, computer stations and other vulnerable hospital hardware, locking out users and other momentarily rendering systems inoperable.
“Based on the velocity of the attack, estimated by sampling data we collected from our infrastructure currently blocking the attack, we believe that anywhere between 1 million to 2 million systems may have been affected in the hours prior to activating the kill switch, contrary to the widely reported—and more conservative—estimate of 200,000 systems,” security expert Salim Neino testified before the House Oversight and Research and Technology subcommittees during a hearing Thursday devoted to WannaCry.
While some security researchers considered North Korea a possible culprit in WannaCry’s immediate aftermath, the likelihood of a link to Pyongyang was initially disputed by some analysts. Kaspersky Labs and Symantec, two leading security firms, each reported similarities last month between WannaCry and other malware linked to the Lazarus Group, but declined to drawn any definitive conclusions. Other companies including SecureWorks, an Atlanta-based security firm, and FireEye, a central California competitor, have since separately found its own ties between WannaCry and the Lazarus Group, amplifying earlier suspicions concerning North Korea’s purported involvement.
Lazarus Group is believed to be intimately involved in North Korea’s offensive digital operations and has been blamed on previous headline-grabbing hacks including the Sony Pictures Entertainment breach in 2014.
North Korea’s deputy United Nations ambassador previously rejected claims of a connection to WannaCry as “ridiculous.”
• Andrew Blake can be reached at ablake@washingtontimes.com.
Please read our comment policy before commenting.