WannaCry: Indian origin Google researcher points to North Korea link
For now, more research is required into older versions of Wannacry
WannaCry, the ransomware that has hit over 3 lakh machines in 150 countries in the past few days, shares code with malware written by a North Korean group known as the Lazarus Group. Neel Mehta, a security researcher at Google, first pointed out the shared code on Monday on Twitter.
Cybersecurity firms Symantec and Kaspersky have independently found distinct instances of overlapping code between WannaCry and Lazarus Group.
"From a technical point of view those two functions and their references are identical," said Matt Suiche, founder of United Arab Emirates-based cybersecurity firm Comaeio.
Contopee is a backdoor trojan used to take over a target's computer. It's been used by North Korea-linked hackers to attack the financial industry in South East Asia. The campaign is one facet of North Korea's greater bank hacking operations that included an $81 million theft from Bangladesh last year.
Lazarus Group has been known to utilize and target Bitcoin in their hacking operations.
No government official has attributed the global ransomware attack to any party, nation-state or otherwise. Attribution and punishment is "something that we are working on quite seriously," Homeland Security Adviser Tom Bossert said during a White House briefing on Monday.
"For now, more research is required into older versions of Wannacry," Kaspersky Labs researchers wrote in a blog post on Monday. "We believe this might hold the key to solve some of the mysteries around this attack. One thing is for sure - Neel Mehta's discovery is the most significant clue to date regarding the origins of Wannacry."
OneIndia News