North Korea dismisses claims linking WannaCry cyberattack to Pyongyang as 'ridiculous'
Some security experts found links between WannaCry and previous hacking efforts by Lazarus Group.
North Korea has denied reports linking Pyongyang with the massive WannaCry cyberattack that wreaked havoc across the globe last week and slammed the allegations as "ridiculous". The WannaCry ransomware, which struck on 12 May, infected over 300,000 computers in 150 nations and encrypted millions of user files and demanded a ransom.
When asked if North Korea was involved in the worldwide WannaCry cyberattack or the UN hack, North Korea's Deputy Ambassador to the United Nations Kim In Ryong said: "Relating to the cyberattack, linking to the [Democratic People's Republic of Korea], it is ridiculous".
"Whenever something strange happens, it is the stereotype way of the United States and the hostile forces that kick off noisy anti-DPRK campaign deliberately linking with DPRK," Kim said in a press conference.
On Friday (18 May), a spokesman for the Italian Mission to the UN - which chairs the UN Security Council North Korea sanctions committee - told Reuters that a member of the UN panel of experts who monitors sanction violations had recently been hacked.
However, the extent and suspected perpetrators behind the attack are still unclear, Reuters reports.
Some security experts noticed links between the WannaCry ransomware and previous hacking efforts by the notorious North Korean hacking outfit, Lazarus Group.
The hacker collective has previously been linked to the $81m heist from Bangladesh's central bank last year and the devastating Sony Pictures hack in 2014 among other attacks.
Google researcher Neel Mehta found similarities between an earlier February 2017 version of the WannaCry code and a 2015 backdoor created by Lazarus Group. Security firms Kaspersky and Symantec also echoed these findings.
Kaspersky Lab's Global Research & Analysis Team (GReAT) identified and confirmed "clear code similarities between the malware samples. Researchers said Mehta's discovery is "the most significant clue to date regarding the origins of Wannacry".
However, they also noted that the link could be a "false flag operation", but said that the theory "although possible, is improbable".
"The analysis of the February sample and comparison to WannaCry samples used in recent attacks shows that the code which points at the Lazarus group was removed from the WannaCry malware used in the attacks started last Friday," Kaspersky told IBTimes UK. "This can be an attempt to cover traces conducted by orchestrators of the WannaCry campaign.
"Although this similarity alone doesn't allow proof of a strong connection between the WannaCry ransomware and the Lazarus Group, it can potentially lead to new ones which would shed light on the WannaCry origin which to the moment remains a mystery."
© Copyright IBTimes 2024. All rights reserved.