Similarities spotted between details of last week’s massive cyber-attack and code used by a prolific cybergang with links to North Korean government
Two top security firms have found evidence linking the WannaCry ransomware to the prolific North Korean cybergang known as Lazarus Group.
— Matthieu Suiche (@msuiche) 15 maggio 2017
Kaspersky and Symantec both said on Monday that technical details within an early version of the WannaCry code are similar to code used in a 2015 backdoor created by the government-linked North Korean hackers, who were implicated in the 2014 attack on Sony Pictures and an $81m heist on a Bangladeshi bank in 2016. Lazarus Group has also been known to use and target Bitcoin in its hacking operations. The similarities were first spotted by Google security researcher Neal Mehta and echoed by other researchers including Matthieu Suiche from UAE-based Comae Technologies.