Experts in the UK and the US have reportedly
claimed that the recent global WannaCryptor ransomware attack was initiated by
the North Korean Lazarus Group.
The National Cyber Security Centre in the UK has
declined to comment on the reports, but a separate source has reportedly confirmed to the the Guardian that the organization
had completed an assessment on the group within the last few weeks.
Another security
source has also told the BBC that the NCSC believes that the Lazarus
Group was indeed behind the latest attack, which affected organizations the
world over.
The BBC has also claimed that WannaCryptor has
already been linked with a cyberattack on Sony Pictures in 2014.
That incident came as the company prepared to
release the movie The Interview, a satire about the North Korean regime.
WannaCryptor swept across the world in May, locking
computers and demanding money in order for them to be unlocked.
According to Rob Wainwright, executive director of Europol,
what made the attack so unique was its “unprecedented” global reach.
Researchers at Elliptic, a British firm that
specializes in bitcoin payments, have reportedly said there is no evidence of
withdrawals out of the wallets into which money was paid, although people are
still paying into them.
While the Lazarus Group is believed to be based in
North Korea, the exact level of involvement of the leadership is not quite so
clear cut.
Private sector cybersecurity researchers around the
world began to pick apart the code through reverse engineering, although the
findings of the UK’s NCSC is likely to be based on wider research.
One of the main ways of attributing cyberattacks to
certain organizations and entities is through code overlaps.
For instance, if two pieces of software use the
same portions of code for achieving certain goals, it implies that they may
have the same author. Nevertheless even this method is not completely
fool-proof.