The hacking group widely blamed for breaching Sony Pictures in 2014 was “highly likely” behind the unprecedented WannaCry ransomware attack responsible for crippling computer systems around the world this month, a leading American cybersecurity firm said Monday.
An analysis of the recent “WannaCry” ransomware attack has uncovered “strong links” connecting its perpetrators with previous activity attributed to the so-called Lazarus Group, a cybercrime outfit accused of conducting the colossal Sony hack and other high-profile intrusions, according to Symantec, a Silicon Valley-based security company.
Symantec’s Security Response Team has uncovered “substantial commonalities in the tools, techniques and infrastructure used by the attackers and those seen in previous Lazarus attacks, making it highly likely that Lazarus was behind the spread of WannaCry,” it said in a Monday blog post.
Considered alongside earlier research, the latest findings further support the notion that WannaCry was unleashed by North Korean hackers: The FBI officially blamed the North Korean government in 2014 for hacking Sony, while private security researchers have largely linked that attack to the Lazarus Group, a likely state-sponsored organization with previously established ties to Pyongyang.
Symantec and Russia-based competitor Kaspersky Labs first acknowledged finding ties last week between WannaCry and the Lazarus Group, but admitted their evidence wasn’t enough to implicate any specific actor.
And while Symantec declined to attribute WannaCry to any nation-state in its follow-up report Monday, an analyst at FireEye, another California-based security firm, told Bloomberg that its research suggests some sort of connection exists between the ransomware attack and North Korea.
“The shared code likely means that, at a minimum, WannaCry operators share software development resources with North Korean espionage operators,” Ben Read of FireEye told Bloomberg on Tuesday.
WannaCry infected over 200,000 computer systems across more than 150 countries this month, hitting victims ranging from Russia’s central bank to Britain’s public health care system with ransomware, a type of malware increasingly used by online extortionists.
“Despite the links to Lazarus, the WannaCry attacks do not bear the hallmarks of a nation-state campaign but are more typical of a cybercrime campaign,” Symantec said in Monday’s report.
In addition to Sony, Lazarus has previously been blamed for cyberattacks suffered by the likes of the Bangladesh central bank, among other victims.
In April, Kaspersky said it found digital evidence establishing a “direct link” between North Korea and Lazarus while investigating the bank heist.
North Korea’s deputy United Nations ambassador flatly denied Pyongyang was responsible for WannaCry during a press conference last week, in the wake of Symantec and Kaspersky’s initial reports, calling the claims “ridiculous.”
• Andrew Blake can be reached at ablake@washingtontimes.com.