As Lazarus Group Attacks, Experts Question Organizations’ Security Readiness
Britain’s security services have reportedly concluded that the WannaCry ransomware outbreak was launched by Lazarus group, a hacking team tied to North Korea. Attribution aside, security experts question how many organizations can defend themselves against Lazarus attacks.
Citing unnamed British government security sources, the BBC reported Friday that the U.K.’s National Cyber Security Center, part of the GCHQ intelligence agency, believes that the Lazarus hacking group launched the attack.
GCHQ couldn’t be immediately reached for comment on the report.
Security experts have long recommended taking such reports with a grain of salt. “Let’s hope everyone treats any analysis with all the caveats applied: We wouldn’t want a cyber dodgy dossier justifying some future action,” says Alan Woodward, a professor of computer security who advises Europol, the EU’s law enforcement intelligence agency, on cybersecurity matters.
Adrian Nish, head of the cyber-threat intelligence team at British defense contractor BAE, says there’s significant overlap between WannaCry and code that’s been previously tied to Lazarus attacks. “It seems to tie back to the same code base and the same authors,” he tells the BBC. “The code overlaps are significant.”
But there are also clues suggesting that the ransomware campaign – or at least aspects of it – was not run by North Korea (see WannaCry’s Ransom Note: Great Chinese, Not-So-Hot Korean).
Still, an intelligence service’s hack-attack attribution would likely be based not just on apparent technical links, but on much more extensive signals intelligence or even human intelligence. U.S. officials, for example, said that level of intelligence was behind the U.S. government’s attribution of the 2014 Sony Pictures Entertainment hack to “North Korea actors.”