Is North Korea Behind the WannaCry Hack?

A Google researcher named Neel Mehta has discovered a common bit of code shared by the WannaCry attack and an older program known as Contopee. The earlier program was used by Lazarus, a hacking group believed to be tied to the North Korean government. Andy Greenberg writes at WIRED that the evidence is still thin, but the connection is a starting point.

“There’s no doubt this function is shared across these two programs,” says Matt Suiche, a Dubai-based security researcher and the founder of the security firm Comae Technologies. “WannaCry and this [program] attributed to Lazarus are sharing code that’s unique. This group might be behind WannaCry also.”

According to Suiche, that chunk of commands represents an encoding algorithm. But the code’s function isn’t nearly as interesting as its Lazarus provenance. The group rose to notoriety following a series of high-profile attacks, including the devastating hack of Sony Pictures in late 2014, that were identified by US intelligence agencies as a North Korean government operation. More recently, researchers believe that Lazarus compromised the SWIFT banking system, netting tens of millions of dollars from Bangladeshi and Vietnamese banks. Security firm Symantec first identified Contopee as one of the tools used in those intrusions.

Researchers at the security firm Kaspersky last month presented new evidence tying those attacks together, pointing to North Korea as the culprit. On Monday, Kaspersky followed up on Mehta’s tweet with a blog post analyzing the similarities in the two code samples. But while they noted the shared code in the Lazarus malware and the early version of the WannaCry, they stopped short of definitively stating that the ransomware stemmed from state-sponsored North Korean actors.

Trail of ransomware attacks could lead back to North Korea

Bio
Latest Posts

E.J. Smith - Your Survival Guy

Preparing your investments and family for when disaster strikes.

E.J. Smith is the Founder of YourSurvivalGuy.com, Managing Director at Richard C. Young & Co., Ltd., a Managing Editor of Richardcyoung.com, and Editor-in-Chief of Youngresearch.com. E.J. graduated from Babson College in Wellesley, Massachusetts, with a B.S. in finance and investments. In 1995, E.J. began his investment career at Fidelity Investments in Boston before joining Richard C. Young & Co., Ltd. in 1998. E.J. has trained at Sig Sauer Academy in Epping, NH, where he completed course-work in Practical and Defensive Handgun, Conceal Carry Pistol, Shotguns, Precision Scope Rifle and Kidnapping Prevention. E.J. plays a Yamaha Recording Custom drum set with Zilldjian cymbals. His first drum set was a 5-piece Slingerland with Zilldjians. He grew-up worshiping Neil Peart of the band Rush, and loves the song Tom Sawyer—the name of his family’s boat, a Grady-White Canyon 306. He grew up in Mattapoisett, MA, an idyllic small town on the water near Cape Cod. He spends time in Newport, RI and Bartlett, NH—both as far away from Wall Street as one could mentally get. The Newport office is on a quiet, tree lined street not far from the harbor and the log cabin in Bartlett, NH, the “Live Free or Die” state, sits on the edge of the White Mountain National Forest. He enjoys spending time in Key West and Paris. Please get in touch with E.J. at ejsmith@youngresearch.com. Sign up here to receive all the best content from Richardcyoung.com each week.