The WannaCry ransomware attack that started Friday and infected hundreds of thousands of computers has been linked to hackers aligned with North Korea, according to cybersecurity researchers. However, the evidence is not conclusive.
Researchers are keen to point out that more investigation is needed before any definitive conclusions can be drawn. The Guardian notes: “Shared code doesn’t always mean the same hacking group is responsible – an entirely different group may have simply reused Lazarus group’s backdoor code from 2015 as a ‘false flag’ to confuse anyone trying to identify the perpetrator. However, the reused code appears to have been removed from later versions of WannaCry, which according to Kaspersky gives less weight to the false flag theory.”
Cybersecurity experts say there is circumstantial evidence that links the WannaCry attack, which started Friday in Europe and then spread around the globe, to cyberattacks previously tied to North Korea. The New York Times reports: Security experts at Symantec, which in the past has accurately identified attacks mounted by the United States, Israel and North Korea, found early versions of the ransomware, called WannaCry, that used tools that were also deployed against Sony Pictures Entertainment, the Bangladesh central bank last year and Polish banks in February. American officials said Monday that they had seen the same similarities.