In the aftermath of one of the most worrying Mondays in history from the cyber point of view, new developments are affecting the WannaCry affair: in particular, the first hypotheses regarding the culprits of this worldwide cyber attack are beginning to develop.
On Monday, May 15, WannaCry started “shedding tears” even in Asia, infecting something like 300 thousand computers worldwide. Despite the fact that our Eastern friends are not exempt from this ransomware, it seems that it contains clues pointing to a direct involvement of North Korea, at least according to some of the biggest cybersecurity companies such as Symantec and Kaspersky as well as other independent researchers and companies such as Google. The similarity appears to involve an early version of WannaCry and the code used in 2015 by Lazarus, a hacker group believed to be linked to the government of North Korea that became famous in 2014 for its attack against Sony Pictures to boycott “The Interview,” the comedy film about an unlikely mission to kill North Korean dictator Kim Jong-un.
However, it is still too early to sing victory as although the similarities are consistent, it is not possible to say with certainty that the ransomware is linked to North Korea. For example, it cannot be ruled out that Lazarus’ code was recycled from another hacker organization, or that it was deliberately inserted to confuse those investigating the origin of the computer virus. However, Kaspersky noted that the recycled code is no longer present in the new versions of WannaCry, which have been put into circulation in the last few days to try to evade antivirus systems, and that more investigations will be needed to figure it out.
Many details about WannaCry still need to be clarified, but in particular the story becomes more intricate and worrying if it actually has a connection with the current world political scenario, which is anything but relaxed.