WannaCry: Indian-origin Google researcher points to North Korea link
WannaCry, the ransomware that has hit over 3 lakh machines in 150 countries over the past few days, shares code with malware written by a North Korean group known as the Lazarus Group. Neel Mehta, a security researcher at Google, first pointed out the shared code on Monday on Twitter.
Cybersecurity firms Symantec and Kaspersky have independently found distinct instances of overlapping code between WannaCry and Lazarus Group.
"From a technical point of view those two functions and their references are identical," said Matt Suiche, founder of United Arab Emirates-based cybersecurity firm Comaeio.
Contopee is a backdoor trojan used to take over a target's computer. It's been used by North Korea-linked hackers to attack the financial industry in South East Asia. The campaign is one facet of North Korea's greater bank hacking operations that included an $81 million theft from Bangladesh last year.
Lazarus Group has been known to utilize and target Bitcoin in their hacking operations.
No government official has attributed the global ransomware attack to any party, nation-state or otherwise. Attribution and punishment is "something that we are working on quite seriously," Homeland Security Adviser Tom Bossert said during a White House briefing on Monday.
"For now, more research is required into older versions of Wannacry," Kaspersky Labs researchers wrote in a blog post on Monday. "We believe this might hold the key to solve some of the mysteries around this attack. One thing is for sure - Neel Mehta's discovery is the most significant clue to date regarding the origins of Wannacry."