Is North Korea behind WannaCry?

Russian security firm, Kaspersky found that the code used in the WannaCry software has been used by North Korean hacking group, Lazarus Group. The results suggest that North Korea could have links to the cyber-attack that affected 300,000 computers in 150 countries. The ransomware was able to extract a little less than $70,000 as of 16^th May, 2017.

Links to North Korea

Reports suggest that the countries affected the most by the cyber-attack are Russia, Ukraine, Taiwan and India. China was hit by the attack as well, with the ransom note written in Chinese indicating that the attack on China was well planned. With North Korea having major conflicts with the United States at present, it is surprising that the United States hasn’t been attacked to the extent the worst hit countries have been. If the aim of the attackers was to extract money, the aim has clearly not been successful.

The Lazarus Group previously hacked Sony Pictures to prevent the release of The Interview with a political agenda as the movie disrespected the North Korean leader Kim Jong-un.

Assessment

There is a possibility that the Lazarus group isn’t behind the cyber-attack as there is no clear evidence yet. Even if the group did act, there is no evidence of the North Korean government being involved. Since the group has been motivated by a political agenda in the past, it seems unlikely the group would act only for a ransom.

China being a strong ally, the North Korean government wouldn’t want to weaken its relations with the Chinese. The same applies for Russia as well. Hence, it seems unlikely that the North Korean government was behind the attack unless the motive was to flaunt power globally using the medium of a cyber-war.