24 May 2017

Symantec, a leading cybersecurity firm and creator of, among other products, the popular Norton antivirus software, has announced that the perpetrator of the recent WannaCry cyberattack is highly likely to be a hacking group from North Korea known as Lazarus.

In case you haven’t kept up with any news in the last week or so, WannaCry was a ransomware outbreak that infected about 300,000 computers worldwide. It caused the shutdown of healthcare networks in the UK and a leading telecommunications company in Spain. It also hit schools, banks, private computers and more.

WannaCry is a type of ransomware, a certain type of malware that locks files on an infected computer until the victim pays a ransom, usually in Bitcoin, an anonymous digital currency.

The extensive reach of the attack can be attributed to a flaw in the Microsoft Windows operating system. That vulnerability is one that had been used by the NSA and was leaked by another hacker group called the Shadow Brokers, who are suspected to be Russian.

Why does Symantec think a North Korean hacker group is behind the attack? Some of the same code was used in other cyberattacks from the same group, including an earlier version of WannaCry. Code can be like fingerprints when it comes to cyberforensics. That’s not all, though. There’s also a link to the Sony hack from a few years ago. Some of the computers that had file-destroying tools from that attack used the same internet connection. Other file-destroying attacks and malware that are known to have been deployed by Lazarus also used the same connection.

When confronted with this accusation, a statement from North Korea said it was a “despicable smear campaign.” They obviously denied the report.

Lazarus is not the official name of the hacker group. It’s a name given by cybersecurity companies to the group behind the Sony attack. As a general rule, Symantec doesn’t go so far as to assign hacking campaigns to governments, but they also don’t go against the commonly-accepted idea that Lazarus works for the North Korean government.

That said, the WannaCry attack suggests that Lazarus does not work solely for the North Korean government, and several factors back that up. The code in the ransomware wasn’t very sophisticated, and it asked for payment in Bitcoin, which would not normally be a goal of the North Korean government.

Why would Lazarus have sent out a massive ransomware attack? It could have been a splinter group, contractors, or hackers who are simply no longer employed by North Korea directly. One way or another, the general consensus is that the group was just trying to make a few extra bucks. Either way, while Lazarus is a hacker group from North Korea and they’ve done work on behalf of the government, this doesn’t appear to have been a state-sponsored attack.

Symantec is not alone in believing Lazarus was behind the WannaCry attack. The Shadow Brokers, the previously mentioned hacker group that released NSA information that was exploited to spread the malware, also backed up the idea that Lazarus was behind the attack, though some think that’s just to take some heat off their own group.

Kaspersky, another renowned cybersecurity firm, said that there are similarities in the code that could point to Lazarus as the culprit, but doesn’t think the evidence is conclusive.

Others point out that the Korean used in Korean versions of the ransom note does not read like the work of a native speaker. The counterargument, though, is that hackers usually try to dirty up language usage to make it more difficult to nail down the source.

 
