Experts track clues for N. Korea's involvement in global ransomware attack

By Park Sae-jin Posted : May 16, 2017, 16:43 Updated : May 16, 2017, 16:43

[Yonhap Photo]


Cyber security experts are looking for clues to a possible link between North Korean hackers and ransomware computer attacks that have crippled computer systems worldwide.

No evidence has been found yet, but security firms in South Korea and abroad have kept an eye on "Lazarus", a notorious hacking group tied to North Korea, which is suspected of launching cyber attacks on Sony Pictures in 2014 and of hijacking some 100 million dollars from banks in Bangladesh and other countries in 2015 and 2016.

Despite Pyongyang's repeated denials of its involvement in any cyber attacks, experts believe North Korean hackers have been tied to the group.

WannaCry, the ransomware, has infected computers worldwide, using loopholes in the file-sharing system known as SMB (Server Message Block). The ransomware intrudes into computers in the form of a worm and encrypts all files, leaving users unable to access them. Users must pay the hackers in Bitcoins, a digital payment system, to regain control of their computers.

Experts at the global cyber-security firm Symantec reportedly found that older versions of the ransomware used tools that also were used against Sony Pictures and banks.

"North Korean hackers use their own unique encrypted logic, totally different from other malicious codes," Choi Sang-myong from South Korean security firm Hauri Inc. told reporters.

"The fact that similar logic was found in WannaCry means the North Korean hackers are very likely to be responsible for the evil deed," Choi was quoted as saying by Yonhap News Agency.

North Korean hackers have developed and tested various ransomware, he said, accusing them of demanding Bitcoins in hacking cases carried out in South Korea using the SMB loophole.

Russian security firm Kaspersky shares the same view of the WannaCry ransomware attack: the code used by the worm showed logic similar to other malicious code and hacking tools used by North Korean hackers.

Radio Free Asia (RFA), a US government-financed broadcaster, reported earlier that North Korean hackers took away about 40 million won (35,810 US dollars) worth of Bitcoins from South Korea for two weeks after Seoul closed a joint industrial zone in the North's border city of Kaesong in 2013.

Symantec Korea has said that it has found evidence which links North Korea to cyber attacks targeting banks in Bangladesh, Vietnam, Ecuador and Poland. North Korean hackers successfully hijacked at least 94 million dollars between 2015 and 2016, it said.

Experts believe North Korea has spent stolen money on developing nuclear weapons and ballistic missiles.

Park Sae-jin = swatchsjp@ajunews.com
 