EASY TO BLAME but difficult to communicate with country North Korea is taking the weight for the WannaCry malware shocker that took the NHS and kicked it right in the nuts.
North Korea usually gets the blame for this kind of caper, but it usually gets it earlier than this. It has got the finger from Kaspersky, which sees potential links between its means and methods and those of the Lazarus Group, which is a known North Korean operation.
It was a tweet from a Google security research that put Kaspersky on to this. The tweet pointed to the links between the code and the culprits, and Kaspersky had a good look at the evidence and said that while it looks like Lazarus Group, that doesn't necessarily mean that it is.
9c7c7149387a1c79679a87dd1ba755bc @ 0x402560, 0x40F598— Neel Mehta (@neelmehta) May 15, 2017
ac21c8ad899727137c4b94458d7aa8d8 @ 0x10004ba0, 0x10012AA4#WannaCryptAttribution
"The Google researcher pointed at a WannaCry malware sample which appeared in the wild in February 2017, two months before the recent wave of attacks. Kaspersky Lab' GReAT researchers analyzed this information, identified and confirmed clear code similarities between the malware sample highlighted by the Google researcher and the malware samples used by the Lazarus group in 2015 attacks," said the firm.
"The similarity of course could be a false flag operation. However, the analysis of the February sample and comparison to WannaCry samples used in recent attacks shows that the code which points at the Lazarus group was removed from the WannaCry malware used in the attacks started last Friday.
"This can be an attempt to cover traces conducted by orchestrators of the WannaCry campaign."
Well bang goes our headline. Symantec is also said to have named North Korea as its 'man', but its blog on the subject stops short of committing to that.
"While these findings do not indicate a definite link between Lazarus and WannaCry, we believe that there are sufficient connections to warrant further investigation. We will continue to share further details of our research as it unfolds".
We await that eagerly. µ
A surprisingly busy week in a quiet month
Measures just 15.75mm at its thickest point
Firm expects GPU sales to start drying up