North Korean Lazarus botnet linked to WannaCry attack

US-Cert puts out an alert on DeltaCharlie, a distributed denial of service tool from North Korean hacker group Lazarus

Reports across the internet have pointed the finger at a notorious North Korean hacking group for last month’s WannaCry distributed denial of service (DDoS) attack that crippled NHS computers.

Quoting US intelligence officials, the Washington Post reported that the National Security Agency (NSA) had linked the attack to cyber actors sponsored by North Korea’s spy agency, the Reconnaissance General Bureau.

In May, following the attack, Symantec said tools and infrastructure used in the WannaCry ransomware attack had strong links to Lazarus, the group responsible for destructive attacks on Sony Pictures Entertainment and the Bangladesh Central Bank.

The WannaCry attack, which started on 12 May, was the biggest single incident that the UK’s new National Cyber Security Centre (NCSC) has faced to date.

As Computer Weekly has previously reported, in response to the attacks, the NCSC’s incident management function was called into action. Its initial focus was to understand the technical characteristics of the attack, how it was spreading, and who the victims were.

Continue reading…