USA blames North Korea for global WannaCry cyberattack

Geneva Matthews
December 21, 2017

The US has officially blamed North Korea for the WannaCry ransomware outbreak, which crippled hundreds of thousands of computers in the NHS and across the world in May.

"After careful investigation, the USA today publicly attributes the massive WannaCry cyberattack to North Korea", Thomas Bossert, US Homeland security advisor, wrote in an article for the Wall Street Journal.

Ahmad said: "The UK's National Cyber Security Centre assesses it is highly likely that North Korean actors known as the Lazarus Group were behind the WannaCry ransomware campaign - one of the most significant to hit the UK in terms of scale and disruption".

The public shaming of the state, which has not been confirmed by the White House, is created to hold the North accountable for its actions and "erode and undercut their ability to launch attacks", the official said. Whenever possible, we will work with partners, industry and allied governments, who share our market based values.

He said it's also an opportunity to call on the other countries in the region that were affected to mobilise them to stop that same behaviour.

Malicious code used in attacks over the summer was "virtually identical" to previous attacks connected to North Korea, he said.

From there, the attackers would access the user's bitcoin wallet either on the computer, or on the bitcoin exchange's server, he said.

Bossert also mentioned charges against Iranian hackers, Canadian, and Chinese nationals for hacking USA systems or companies. He said that while the exact identities of the Lazarus Group hackers are the subject of ongoing debate, the overwhelming opinion in the information security community at the moment is that they are "a majority North Korean group - special forces and operatives", and are largely based in northern China. In June, the BBC also reported that a government source told it that the U.K.'s GCHQ intelligence agency believed Pyongyang was behind WannaCry.

The US is not the only country that attributes the WannaCry attack to North Korea, Bossert adds. He was able to trip the switch and the attack ended.

Bossert, assistant to the president for homeland security and counter-terrorism, noted in a briefing with reporters that the "consequences were beyond economic".

Cristiana Brafman Kittner, principal analyst at the cybersecurity firm FireEye, said she could not confirm whether North Korea had actually stolen any virtual currencies, but said hackers linked to it had targeted "multiple exchanges" over the past six to nine months.

Indeed, Bossert's op-ed appeared the same day that President Donald Trump declared that the USA would take "all necessary steps" to denuclearize North Korea.

Other reports by VideoGamingPros

Discuss This Article