North Korea link emerges in global cyberattacks | Inquirer News

North Korea link emerges in global cyberattacks

/ 07:28 AM May 16, 2017

China_cyberattack
WASHINGTON, United States — Security researchers on Monday reported signs of a potential North Korea link to the massive cyberattack campaign that sparked havoc in computer systems worldwide and opened fresh political rifts between Russia and the United States.

After days of disruptions affecting networks worldwide, a top US official said the number of computers affected had reached 300,000, but that infection rates had slowed.

In the first clues of the origin of the massive ransomware attacks, Google researcher Neel Mehta posted computer code that showed similarities between the “WannaCry” malware and a vast hacking effort widely attributed to Pyongyang.

Article continues after this advertisement

READ: Aguirre orders boost in cyber security amid ransomware global carnage

FEATURED STORIES

Other experts quickly jumped on this as a sign — although an inconclusive one — that North Korea may have been behind the outbreak.

“We believe this might hold the key to solve some of the mysteries around this attack,” said researchers at the Russian-based security firm Kaspersky, adding that further research was needed.

Article continues after this advertisement

Israeli-based security firm Intezer Labs said it agreed with the North Korea attribution.

Article continues after this advertisement

The group’s chief executive Itai Tevet said in a tweet: “@IntezerLabs confirms attribution to North Korea for #WannaCry, not only because of the function from Lazarus. More info to come.”

Article continues after this advertisement

US, Russia trade jabs

Tom Bossert, President Donald Trump’s top cyber and homeland security adviser, brushed aside suggestions that the United States was to blame for the attack, which stemmed from a flaw discovered by the US National Security Agency and later leaked.

“This was not a tool developed by the NSA to hold ransom data,” he said, noting that no US government systems had been hit.

Article continues after this advertisement

“This is a global attack,” he added.

Russian President Vladimir Putin earlier had pointed the finger at the United States.

“A genie let out of a bottle of this kind, especially created by secret services, can then cause damage to its authors and creators,” the Russian leader said on the sidelines of a summit in Beijing.

Russia has recently been accused of cyber meddling in several countries, but Putin said they had nothing to do with the attack.

Over the weekend, Microsoft’s president and chief legal officer Brad Smith said attacks highlighted the dangers from the NSA’s “stockpiling” of secret hacking tools.

There had been concern that Monday’s start of the working week would see an upsurge in attacks.

But the cross-border police agency Europol said the situation was “stable” after attacks that struck computers in British hospital wards, European car factories and Russian banks.

“The number of victims appears not to have gone up,” a senior spokesman for Europol, Jan Op Gen Oorth, told AFP.

But according to Michel Van Den Berghe, director of telecom group Orange’s cyber security arm, a “second wave” is to be expected.

Telecoms and carmaking hit

US package delivery giant FedEx, Spanish telecoms giant Telefonica and Germany’s Deutsche Bahn rail network were among those hit. The attackers demanded money to unblock their computers.

In China, “hundreds of thousands” of computers were affected, including gas stations, cash machines and universities, according to Qihoo 360, one of the country’s largest providers of antivirus software.

Russia said its banking and railway systems were targeted.

A fifth of regional hospital associations in Britain’s National Health Service were affected and several still had to cancel appointments on Monday.

French carmaker Renault shut its Douai plant — one of its biggest sites, employing 5,500 people — as systems were upgraded.

The attack blocks computers and puts up images on victims’ screens demanding payment of $300 (275 euros) in the virtual currency Bitcoin, saying: “Ooops, your files have been encrypted!”

Bossert said that paying the ransom provided no guarantee files would be unlocked.

He told a news conference that “it appears that less than $70,000 has been paid in ransoms and we are not aware of payments that have led to any data recovery.”

Bitcoin, the world’s most-used virtual currency, allows anonymous transactions via heavily encrypted codes.

Experts and governments alike warn against ceding to the demands and few victims so far had been paying up.

A hacking group called Shadow Brokers released the malware in April, claiming to have discovered the flaw from the NSA.

The attack is unique, according to Europol, because it combines ransomware with a worm function, meaning once one machine is infected, the entire internal network is scanned and other vulnerable machines are infected.

Although the economic fallout is still unknown, the political fallout “will be significant” according to the Eurasia consultancy.

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

In addition to Russia, China and India have blamed the US government for developing the original code. CBB

TAGS: cyberattacks, google, malware, News, North Korea, Pyongyang, ransomware, WannaCry

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our newsletter!

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

© Copyright 1997-2024 INQUIRER.net | All Rights Reserved

This is an information message

We use cookies to enhance your experience. By continuing, you agree to our use of cookies. Learn more here.