Kaspersky: WannaCry could come from the Lazarus Group

Security researchers have found evidence that the notorious Lazarus hacker group could be behind the worldwide WannaCry ransomware attack. Lazarus became known through the attack on the servers of Sony Pictures, is believed to operate out of North Korea, and has recently shifted increasingly to cyber bank robbery.

WannaCrypt (screenshot: Microsoft)

Google security researcher Neel Mehta gave the first hint in a public tweet. Under the hashtag #WannaCryptAttribution he pointed to matching code found in an early version of WannaCry and in a piece of malware known as Contopee. The latter had already been attributed to Lazarus and was used in cyber attacks on banks in Bangladesh and Vietnam, in which tens of millions were stolen.

The Russian security firm Kaspersky followed the trail and analysed the similarities in the code samples. It compared code of the encryption tools from a WannaCry variant that was already in circulation in February 2017 with Lazarus code from the same month, and found unique matches. It is therefore likely that the same people compiled the WannaCry code, or that they at least had access to the source code of the other malware.

For these security researchers it is therefore plausible that Lazarus, and with it North Korea, is behind the WannaCry ransomware, which within a few days led to the encryption of over 200,000 computers worldwide and extorted victims for a ransom of $300 to $600 each. They do not yet consider it clearly proven, however. In theory, other hackers could have deliberately laid a false trail, although that is highly unlikely.

“More research into older versions of WannaCry is now required,” the security experts write in a blog post. “We believe that could be the key to solving some of the puzzles around this attack. One thing is certain: Neel Mehta’s discovery is the most important clue as to the origin of WannaCry.”

The security company Symantec likewise found further code matches independently, but is still not prepared to draw further conclusions: “While these connections exist, they represent only weak connections. Our search continues for stronger connections.”

Bitdefender, however, does not want to join in these assumptions. The analysis of the Bitdefender forensics team suggests instead that the criminal group behind the attack consisted of amateurs and was not a government-backed team. The addition of four new wallets for ransomware payments could also mean that further criminal groups have latched on to the first wave of WannaCry and “want to piggy-back on it”.

Simon Choi of the South Korean security company Hauri Labs confirmed the matches to Reuters. “It is similar to the malicious backdoor programs of North Korea,” said the security researcher, who studies North Korea’s hacking capabilities intensively and advises South Korean authorities. According to Reuters, U.S. and European intelligence officials currently still do not consider it possible to identify the backers of WannaCry, but do not rule out North Korea as the originator of the ransomware.

The Lazarus hackers are said to have been active since 2009, but became known above all through the successful attack on Sony Pictures in November 2014. The Obama administration held the North Korean government responsible for the break-in, in which unreleased feature films and the e-mail mailboxes of Sony executives were stolen. The trigger was the comedy “The Interview”, which depicts a fictional assassination of the North Korean leader Kim Jong-un.

For Sony, the break-in of its servers turned out to be disastrous. Among other things, the social security numbers of 47,000 employees appeared on the Internet, including information on actors such as Sylvester Stallone and Rebel Wilson. For the “investigation and remediation” of the incident alone, Sony planned expenditure of $15 million in February 2015.
