There is evidence to link North Korean hackers with the massive WannaCry cyber attack that infiltrated the UK’s National Health Service (NHS) and over 300,000 computers worldwide on Friday.
Three different security research firms, Kaspersky Lab, Symantec and Hauri Labs, have noted that the code used in an earlier version of the WannaCry software had also appeared in programs used by a North Korea-run hacking operation, known as Lazarus Group.
Simon Choi, a senior researcher with the South Korean-based Hauri Labs told Reuters: “It is similar to North Korea’s backdoor malicious codes.”
Allegedly, these are the same codes that were used by hackers from the totalitarian state in the infamous Sony hack in 2014.
However, Kaspersky has warned against rushing to conclusions just yet. On a blog post, the company said:
“We believe it’s important that other researchers around the world investigate these similarities and attempt to discover more facts about the origin of WannaCry.”
As well, US and European security officials have said that it was too early to say who might be behind the attacks, yet North Korea has not been ruled out as a suspect.
Last Friday, the NHS fell victim to a cyber attack in the form of malicious software being used to ransom computer files. The WannaCry virus that was used to carry out the attack is spread via email, prompting users to download infected software.
Access to files was denied unless a Bitcoin ransom worth $300 was paid.
The UK’s National Crime Agency (NCA) said it was investigating the attack which affected x-ray imaging systems, pathology test results, phone and bleep systems and patient administration systems at hospitals up and down the country.
Who else was affected?
Companies and computers across Europe and Asia, including Portugal, China and Japan were all hit in the hack.
Japanese computer experts have said around 2,000 PCs were affected in the country, whereas China’s news agency Xinhua reported that almost 30,000 were hit in China.
The Spanish telco Telfonica told employees to turn off their computers in case they were compromised, alongside Vodafone’s Spanish unit and Iberdrola, which owns the UK-based energy company Scottish Power.
What will happen next?
At the moment, there are investigations into what caused the attack and who is to blame. Russian president Vladimir Putin has blamed the US for creating the hacking software that affects Microsoft computers and said that Russia has had “nothing to do” with it.
The UK home secretary Amber Rudd said the UK was working with international partners to find who created the ransomware.
“The National Cyber Security Centre and the NCA are working with Europol and other international partners to make sure that we collect the right evidence, which we need to do, to make sure we have the right material to find out who has done this and go after them, which we will,” said Rudd.