Cybersecurity researchers have found evidence they say could link North Korea with the
WannaCry cyber attack that has infected more than 300,000 computers worldwide
as global authorities scrambled to prevent hackers from spreading new versions
of the virus.

A researcher from South Korea's Hauri Labs said on Tuesday their own findings matched those
of Symantec (SYMC.O) and Kaspersky Lab, who said on Monday that some code in an
earlier version of the WannaCry software had also appeared in programs used by
the Lazarus Group, identified by some researchers as a North Korea-run hacking
operation.

"It is similar to North Korea's backdoor malicious codes," said Simon Choi, a senior
researcher with Hauri who has done extensive research into North Korea's
hacking capabilities and advises South Korean police and the National Intelligence
Service.

Both Symantec and Kaspersky said it was too early to tell whether North Korea was
involved in the attacks, based on the evidence that was published on Twitter by
Google security researcher Neel Mehta. The attacks, which slowed on Monday, are
among the fastest-spreading extortion campaigns on record.

Damage in Asia, however, has been limited.

Vietnam's state media said on Tuesday more than 200 computers had been affected. Taiwan
Power Co. TAIWP.UL said that nearly 800 of its computers were affected,
although these were used for administration, not for systems involved in
electricity generation.

FireEye Inc (FEYE.O), another large cyber security firm, said it was also investigating but
cautious about drawing a link to North Korea.

"The similarities we see between malware linked to that group and WannaCry are not
unique enough to be strongly suggestive of a common operator," FireEye
researcher John Miller said.

U.S. and European security officials told Reuters on condition of anonymity that it was
too early to say who might be behind the attacks, but they did not rule out
North Korea as a suspect.

The Lazarus hackers, acting for impoverished North Korea, have been more brazen in their
pursuit of financial gain than others, and have been blamed for the theft of
$81 million from the Bangladesh central bank, according to some cyber security
firms. The United States accused it of being behind a cyber attack on Sony
Pictures in 2014.

An official at South Korea's Korea Internet & Security Agency said on Tuesday the
agency was sharing information with intelligence officials on recent cases
reported for damages but was not in a position to investigate the source of the
attack. The official declined to comment on intelligence-related matters.

A South Korean police official who handles investigations into hacking and cyber
breaches said he was aware of reports of a North Korea link but said the police
were not investigating yet.

Victims haven't requested investigations but they want their systems to be restored,
the official said.

North Korea has denied being behind the Sony and banking attacks. North Korean officials
were not immediately available for comment and its state media has been quiet
about the matter.

Hauri researcher Choi said the code bore similarities with those allegedly used by
North Korean hackers in the Sony and bank heists. He said based on his
conversations with North Korean hackers, the reclusive state had been
developing and testing ransomware programs since August.

In one case, alleged hackers from North Korea demanded bitcoin in exchange for client
information they had stolen from a South Korean shopping mall, Choi added.

The North Korean mission to the United Nations was not immediately available for comment
on Monday.

While the attacks have raised concerns for cyber authorities and end-users worldwide,
they have helped cybersecurity stocks as investors bet governments and
corporations will spend more to upgrade their defenses.

Cisco Systems (CSCO.O) closed up 2.3 percent on Monday and was the second-biggest gainer
in the Dow Jones Industrial Average.

Graphic: Cyber security ETF beats broader market - reut.rs/2pPQykk
Graphic: How ransomware attack works, where and when it spread - tmsnrt.rs/2qIXzb8