Saturday, Apr 27, 2024 | Last Update : 09:10 PM IST
PIO techie traces North hacking ‘link’
Google security researcher finds ‘evidence’ suggesting Pyongyang was behind massive cyberattack.
London: An Indian-origin security researcher with Google has found evidence suggesting that North Korean hackers may have carried out the “unprecedented” ransomware cyberattack that hit over 150 countries, including India.
Neel Mehta has published a code which a Russian security firm has termed as the “most significant clue to date”, BBC reported on Tuesday.
The code, published on Twitter, is exclusive to North Korean hackers, researchers said.
Researchers have said that some of the code used in Friday’s ransomware, known as WannaCry software, was nearly identical to the code used by the Lazarus Group, a group of North Korean hackers who used a similar version for the hack of Sony Pictures Entertainment in 2014 and last year’s hack of Bangladesh Central Bank.
Security experts are now cautiously linking the Lazarus Group to this latest attack after the discovery by Mr Mehta.
Mr Mehta has found similarities between the code within WannaCry and other tools believed to have been created by the Lazarus Group in the past, BBC reported.
Security expert Professor Alan Woodward said that time stamps within the original WannaCry code were set to China’s time zone and the text demanding the ransom used what read like machine-translated English, but also contained a Chinese segment reportedly written by a native speaker.
“As you can see, it is pretty thin and all circumstantial. However, it is worth further investigation,” Mr Woodward said.
“Neel Mehta’s discovery is the most significant clue to date regarding the origins of WannaCry,” said Russian security firm Kaspersky, but noted a lot more information was needed on earlier versions of WannaCry before a conclusion could be reached.
A researcher from South Korea’s Hauri Labs said on Tuesday that their own findings matched those of Kaspersky Lab.
“It is similar to North Korea’s backdoor malicious codes,” Simon Choi, a senior researcher with Hauri who has done extensive research into North Korea’s hacking capabilities and advises South Korean police and National Intelligence Service.
North Korea has denied being behind the Sony and banking attacks. North Korean officials were not available for comment and its media has been quiet about the matter.
