Tech giants including Facebook and Microsoft last week prevented cyber attacks from North Korea directed at the US.
The attacks were revealed by the White House, which commended the two companies, and others as well, for shutting down them down.
Timeline for US tech giants
- April 1, 2020
- February 24, 2020
White House homeland security adviser Tom Bossert, speaking at a press conference, said:
Facebook took down accounts and stopped the operational execution of ongoing cyber attacks and Microsoft acted to patch existing attacks, not just the WannaCry attack initially. We don’t have a lot of room left here to apply pressure to change their behaviour. It’s nevertheless important to call them out, to let them know that it’s them and we know it’s them.
Bossert also said the US was calling on other companies to cooperate in cyber security defence.
Bossert, writing in the Wall Street Journal, added:
Stopping malicious behaviour like this starts with accountability. It also requires governments and businesses to cooperate to mitigate cyber risk and increase the cost to hackers. The US must lead this effort, rallying allies and responsible tech companies throughout the free world to increase the security and resilience of the internet.
Meanwhile, the US said that Pyongyang was responsible for May cyber attack that crippled hospitals, banks, and other companies around the world — known as WannaCry.
The attack is thougt to have affected some 300,000 computers across 150 countries, causing billions of dollars of damage.
In a blog post Microsoft president and chief legal officer Brad Smith said:
Last week Microsoft, working together with Facebook and others in the security community, took strong steps to protect our customers and the internet from ongoing attacks by an advanced persistent threat actor known to us as ZINC, also known as the Lazarus Group.
We concluded that this threat actor was responsible for WannaCry, a destructive attack in May that targeted Microsoft customers. Among other steps, last week we helped disrupt the malware this group relies on, cleaned customers’ infected computers, disabled accounts being used to pursue cyberattacks and strengthened Windows defences to prevent reinfection. We took this action after consultation with several governments, but made the decision independently. We anticipate providing more information about our actions and their effect in the coming months once we have had the opportunity to analyse applicable data and information.
The State of Technology This Week
British foreign office minister Nazir Ahmed meanwhile said it was “highly likely” that state-sponsored actors were behind the WannaCry ransomware campaign.
We condemn these actions and commit ourselves to working with all responsible states to combat destructive criminal use of cyberspace. The indiscriminate use of the WannaCry ransomware demonstrates North Korean actors using their cyber programme to circumvent sanctions.
Earlier this week it was revealed that North Korea is suspected of using phishing campaigns targeting cryptocurrency companies to try to steal bitcoins, a digital currency that has seen its value soar in recent months.
It’s thought North Korea is interested in bitcoin to try to get around sanctions on the country. The WannaCry ransomware demanded people pay bitcoin to an anonymous digital address to unlock their computers.
Pyongyang has repeatedly denied responsibility for WannaCry and called other allegations that it launched cyber attacks a smear campaign.