The WannaCrypt ransomware that's infected hundreds of thousands of systems might be connected to North Korea. According to researchers with Kaspersky Labs, a piece of code in one of the first variants matches code from 2015 that was linked to Lazarus Group.
Based on Kaspersky's analysis, Lazarus Group is operated by the North Korean government.
Neal Mehta, a Google researcher, first noticed the overlap in the code.
We strongly believe the February 2017 sample was compiled by the same people...or by people with access to the same source code as the May 2017 WannaCry encryptor used in the May 11th wave of attacks.- Kaspersky
Symantec has also noticed connections between the attacks, but it cautions the code overlap is only a "weak" connection right now.
While these connections exist, they so far only represent weak connections...We are continuing to investigate for stronger connections.- Symantec
0 Comments