British Security Services Tie North Korea to WannaCry

As Lazarus Group Attacks, Experts Question Organizations’ Security Readiness

Britain’s security services have reportedly concluded that the WannaCry ransomware outbreak was launched by the Lazarus Group, a hacking team tied to North Korea. Attribution aside, security experts question how many organizations can defend themselves against Lazarus attacks.

Britain’s security services have concluded that the WannaCry ransomware outbreak was launched by individuals tied to North Korea, the BBC reports.

Citing unnamed British government security sources, the BBC reported Friday that the U.K.’s National Cyber Security Center, part of the GCHQ intelligence agency, believes that the Lazarus hacking group launched the attack.

GCHQ couldn’t be immediately reached for comment on the report.

Security experts have long recommended taking such reports with a grain of salt. “Let’s hope everyone treats any analysis with all the caveats applied: We wouldn’t want a cyber dodgy dossier justifying some future action,” says Alan Woodward, a professor of computer security who advises Europol, the EU’s law enforcement intelligence agency, on cybersecurity matters.

Many security firms have already noted that there appear to be numerous links suggesting a connection between WannaCry and Lazarus (see Is WannaCry the First Nation-State Ransomware?).

Adrian Nish, head of the cyber-threat intelligence team at British defense contractor BAE, says there’s significant overlap between WannaCry and code that’s been previously tied to Lazarus attacks. “It seems to tie back to the same code base and the same authors,” he tells the BBC. “The code overlaps are significant.”

But there are also clues suggesting that the ransomware campaign – or at least aspects of it – was not run by North Korea (see WannaCry’s Ransom Note: Great Chinese, Not-So-Hot Korean).

Still, an intelligence service’s hack-attack attribution would likely be based not just on apparent technical links, but on much more extensive signals intelligence or even human intelligence. U.S. officials, for example, said that level of intelligence was behind the U.S. government’s attribution of the 2014 Sony Pictures Entertainment hack to “North Korea actors.”
