Last week’s massive ransomware attack that infected more than 200,000 computers worldwide may be closely connected to the same North Korea-linked hacking group that is thought to be behind the 2014 Sony Pictures hack. Security researchers from Symantec found this link by analyzing the code of the malware, which made use of some of the same hacking tools that were also used to gain access to Sony’s networks.
Earlier this month, malware dubbed WannaCry quickly spread among users of earlier versions of Microsoft’s Windows operating system, and within hours infected computers used by British health care providers, German railway systems and even the Russian Interior Ministry. The code in question encrypted files residing on those computers, and told users that they’d be able to regain access to their data after paying a ransom through the crypto-currency Bitcoin.
Symantec’s security researchers have now taken a closer look at earlier versions of WannaCry, which first started surfacing in February. Those earlier versions made use of some tools linked to the Lazarus Group, a cyber crime group that has also been linked to the Sony hack of 2014, which led to the release of tens of thousands of internal Sony emails and documents.
At the time, hackers linked their actions to Sony’s “The Interview,” a comedy that depicted Seth Rogen and James Franco as journalists turned assassins, with the mission to kill North Korean leader Kim Jong-un. However, security researchers have long suspected that the hack may only have been sponsored by North Korea, and at least in part carried out by hackers residing outside of the country.
Symantec’s researchers also emphasized this week that there is no evidence for North Korea’s involvement in the ransomware attack. “Despite the links to Lazarus, the WannaCry attacks do not bear the hallmarks of a nation-state campaign but are more typical of a cybercrime campaign,” they wrote.