Law enforcement officials flag North Korea link

Share

A ransomware attack that hijacked computers in vital business and services around the globe since last Friday has been linked to hackers connected to North Korea.

Researchers at security firm Proofpoint said the related attack, which installs a currency "miner" that generates digital cash, began infecting machines in late April or early May but had not been previously discovered because it allows computers to operate while creating the digital cash in the background.

Security researchers and US intelligence officials have cautioned that such evidence is not conclusive, and the investigation is in its early stages.

Like WannaCry, the program attacks via a flaw in Microsoft Corp's Windows software.

In 2016, the North Korean government stole no less than $81 million from Bangladesh' Central Bank.

American cybersecurity firm Symantec also said that it found a code used in the malware that "historically was unique to Lazarus tools", but it didn't speculate on North Korea's role in the attack.

More attacks were possible, Choi said, "especially given that, unlike missile or nuclear tests, they can deny their involvement in attacks in cyberspace and get away with it".

More news: G-7 Summit Ends Without US Joining Consensus On Climate Change
More news: Rouhani hails Azerbaijan as Iran's great neighbor
More news: Philippine Officials: Foreigners Among Islamist Gunmen Involved in Marawi Violence

The United States likely avoided greater harm as the attack targeted older versions of Microsoft Corp's (MSFT.O) Windows operating system, and more U.S. users have licensed, up-to-date, patched versions of the software, compared to other regions of the world. "We are continuing to investigate for stronger connections", Symantec said in a statement.

US and European security officials told Reuters on condition of anonymity that it was too early to say who might be behind the attacks, but they did not rule out North Korea as a suspect. Security researchers in the US, Russia and Israel have also reported signs of a potential North Korean link to the latest cyberattack, although there is no conclusive evidence of that.

There are possibilities that skilled hackers might have simply made the hack look like it had origins in North Korea by using similar techniques. "Since a July 2009 attack by North Korea, they used the same method". Seoul police blamed the North's main intelligence agency for the attack.

Several Asian countries have been affected by the malware, although the impact has not been as widespread as some had feared. It did not name any of the entities.

"The real situation may be serious".

More than 200,000 computers were affected, though only a few companies paid to get their files back. Taiwan Power Co. said that almost 800 of its computers were affected, although these were used for administration, not for systems involved in electricity generation.

Share