Slashdot Mirror


WannaCry Ransomware Shares Code With North Korean Malware, Say Researchers (cyberscoop.com)

New submitter unarmed8 quotes a report from CyberScoop: The ransomware known as WannaCry that spread rapidly to 300,000 machines in 150 countries over the past few days shares code with malware written by a group of North Korean hackers known as the Lazarus Group. While the shared code is important, experts warned that it's far from proof about who created and launched the ransomware attacks. Neel Mehta, a security researcher at Google, first pointed out the shared code on Monday on Twitter. The link was quickly echoed by numerous other experts. "From a technical point of view those two functions and their references are identical," said Matt Suiche, founder of United Arab Emirates-based cybersecurity firm Comaeio. "From an attribution point of view a ransomware would subscribe to the narrative of Lazarus Group, which is stealing money like we saw with multiple financial institutions with fraudulent SWIFT transactions -- having a nation-state powered ransomware leveraging crypto currency would be a first."

5 of 106 comments

  1. I thought this ransomware came from NSA by mea2214 · · Score: 4, Insightful

    Now it comes from North Korea? Who wrote this movie? It makes no sense.

    1. Re:I thought this ransomware came from NSA by AHuxley · · Score: 3, Insightful

      The CIA and NSA can ensure that the code the US uses can hide its origins around the world.
      The code litter later found by experts, the staging server IP range, time zone, language will point to a list of nations.
      "Latest WikiLeaks dump exposes CIA methods to mask malware" (Mar 31, 2017)
      http://www.pcworld.com/article...
      Marble Framework, "... anti-forensic tools support other languages such as Chinese, Russian, Korean, Arabic and Farsi. “This would permit a forensic attribution double game,”"
      So a lot of code exists on file that is full of code litter that must be from different nations.

      --
      Domestic spying is now "Benign Information Gathering"
  2. the propaganda narrative needs work. by nimbius · · Score: 4, Insightful

    Either North Korea is an impoverished dictatorship that could never, ever launch a successful ICBM and routinely runs out of energy and food, or it's an underground powerhouse releasing some of the deadliest malware to date and rivals the US and Russia in technical prowess.

    There's also the unresolved dependency that this exploit came from the NSA. Nice try.

    --
    Good people go to bed earlier.
    1. Re:the propaganda narrative needs work. by xlsior · · Score: 3, Insightful

      There's also the unresolved dependency that this exploit came from the NSA. Nice try.

      That's not mutually exclusive.

      The exploit for the security hole that it uses to spread presumably came from the leaked NSA code, but that doesn't mean that the rest of the virus did. Theoretically anyone could have bolted the exploit code as an attack vector onto their existing program/virus framework, which means that the final product -could- have a lot in common with other malware that's been seen before.

  3. Re: Mongers gonna monger... by GLMDesigns · · Score: 3, Insightful

    Really? Don't you think that Hillary would have played just well with the Russians? All Putin would have to do is put a few dollars in the Clinton Foundation and bingo.

    There is no evidence of a hack or of any collusion between Trump and Russia - especially collusion that would be counter to US interests.

    Ooo. An international company (Exxon-Mobil) had business dealings with Russia. Wow. Proof of collusion. Yeah Right.
    Ooo. An international real estate company had business negotiations with Russians. Wow. Lock them the f**k up.

    Keep this stuff up guys and you'll see the end of the Democratic Party.

    --
    If you're scared of your govt then you need to further restrict its powers
    Vote 3rd Party in 2016 and beyond