Experts in the UK and the US reportedly have claimed that the recent global WannaCryptor ransomware attack was initiated by the North Korean Lazarus Group.
The National Cyber Security Centre in the UK has declined to comment on the reports, but a separate source reportedly has confirmed to the the Guardian that the organization had completed an assessment on the group within the last few weeks.
Also, another security source has told the BBC that the NCSC believes that the Lazarus Group was indeed behind the latest attack, which affected organizations the world over.
The BBC has also claimed that WannaCryptor has already been linked with a cyberattack on Sony Pictures in 2014.
That incident came as the company prepared to release the movie The Interview, a satire about the North Korean regime.
WannaCryptor swept across the world in May, locking computers and demanding money in order for them to be unlocked.
According to Rob Wainwright, executive director of Europol, what made the attack so unique was its “unprecedented” global reach.
Researchers at Elliptic, a British firm that specializes in bitcoin payments, reportedly have said there is no evidence of withdrawals out of the wallets into which money was paid, although people are still paying into them.
While the Lazarus Group is believed to be based in North Korea, the exact level of involvement of the leadership is not quite so clear cut.
Private sector cybersecurity researchers around the world began to pick apart the code through reverse engineering, although the findings of the UK’s NCSC is likely to be based on wider research.
One of the main ways of attributing cyberattacks to certain organizations and entities is through code overlaps.
For instance, if two pieces of software use the same portions of code for achieving certain goals, it implies that they may have the same author. Nevertheless even this method is not completely fool-proof.
