More evidence has been found linking North Korea to the global cyberattack that caused an IT meltdown in the NHS earlier this month.
The WannaCry ransomware has been attributed to the North Korea-linked Lazarus Group, which is believed to have also been behind the 2014 hack of Sony Pictures and the theft of more than £62m from the Bangladesh Central Bank.
The latest attack led to the sudden closure of several accident and emergency departments and exposed serious vulnerabilities in the way that the NHS approached computer security.
Security company Symantec says its researchers have now found more similarities in the code and attack infrastructure between the malicious software used in the WannaCry ransomware attacks and other attacks attributed to the Lazarus Group.
Symantec claims the attacks “show strong links to Lazarus group”.
In their paper on the matter, the researchers have noted shared code between the ransomware and other code, as well as how a command and control server used as part of the malware attack against Sony was also connected to during the ransomware attack.
However, despite the links to the Lazarus Group, the WannaCry attacks “do not bear the hallmarks of a nation-state campaign” according to Symantec, “but are more typical of a cybercrime campaign.”
In information security, state-sponsored hacking groups are also known as Advanced Persistent Threats (APTs) due to the difficulty of definitively stating who their state sponsors are.
These threat actors are especially dangerous because of the resources which they are able to apply when hacking.
The advanced level of their code suggests that teams of very competent developers with backgrounds in computer science have been involved in developing it.
Additionally, the degree of persistence which they show when pursuing an objective suggests there are multiple teams of technicians attempting to infect the target computers.
Unlike most other APTs, North Korea’s state security apparatus is often alleged to seek to generate money by hacking foreign nations, as it also controls the manufacture and distribution of methamphetamine in the country.
However, while Symantec believes that the links between the code and the Lazarus Group’s previous campaigns suggest North Korean responsibility, other researchers have urged caution.
Kaspersky Lab warned that the repetition of code and attack infrastructure from other operations attributed to the Lazarus Group could have been meant to mislead investigators.
The researchers pointed out that the WannaCry malware also used code written by the US National Security Agency to hack Microsoft computers.
(c) Sky News 2017: WannaCry attack: Suspicion around North Korea deepens