Slashdot Mirror

← Back to Stories (view on slashdot.org)

NSA Links WannaCry To North Korea (washingtonpost.com)

Posted by BeauHD on from the finger-pointing dept.

An anonymous reader quotes a report from The Washington Post: The National Security Agency has linked the North Korean government to the creation of the WannaCry computer worm that affected more than 300,000 people in some 150 countries last month, according to U.S. intelligence officials. The assessment, which was issued internally last week and has not been made public, is based on an analysis of tactics, techniques and targets that point with "moderate confidence" to North Korea's spy agency, the Reconnaissance General Bureau, according to an individual familiar with the report. The assessment states that "cyber actors" suspected to be "sponsored by" the RGB were behind two versions of WannaCry, a worm that was built around an NSA hacking tool that had been obtained and posted online last year by an anonymous group calling itself the Shadow Brokers. Though the assessment is not conclusive, the preponderance of the evidence points to Pyongyang. It includes the range of computer Internet protocol addresses in China historically used by the RGB, and the assessment is consistent with intelligence gathered recently by other Western spy agencies. It states that the hackers behind WannaCry are also called "the Lazarus Group," a name used by private-sector researchers.

4 of 99 comments (clear)

  1. Don't believe it by campuscodi · · Score: 5, Interesting

    Recored Future is disputing WaPo's findings: https://www.recordedfuture.com...
    Furthermore, the US seems to be on a PR campaign to blame NK. Yesterday, FBI&DHS put out a report claiming that big bad NK was building a botnet. They put out 8-year-old IOCs: https://www.us-cert.gov/ncas/a...
    Someone's pushing an agenda here...

  2. I trust the NSA implicitly by JoeyRox · · Score: 5, Interesting

    Why would a government agency spying on me have a reason to lie?

  3. Re:Bullshit by Kiaser+Zohsay · · Score: 4, Interesting

    The only TLA that applies here is "CYA". I guess they think it's less embarrassing for another state actor to weaponize their leaked vulnerabilities than for some script kiddies scamming for bitcoin to do it.

    --
    I am not your blowing wind, I am the lightning.
  4. Re:Bullshit by DarenN · · Score: 2, Interesting

    Pyonyang has been financing itself for years by cyber attacks on large banks - they have quite sophisticated hacking abilities. They've also been under sustained cyber attack themselves (if a NK missile goes walkabout on test firing there's a fair chance it was compromised although it's not definite because they do have other quality issues) so I assume that they are reasonably sophisticated in cyber defense.

    --
    Rational thought is the only true freedom