The following is an excerpt Selena Larson | May 16, 2017 | CNN.com |
It's unclear who is responsible for the global cyberattack that targeted around 300,000 machines in 150 countries. Businesses are still reeling from the fallout, and government agencies around the world are investigating.
Security researchers have documented similarities between the WannaCry code and malware created by Lazarus group, a hacking operation that has been linked to North Korea. The code similarities were discovered by Google researcher Neel Mehta on Monday. Google declined to comment.
The security firm Symantec also found links between Lazarus and WannaCry. It discovered early versions of WannaCry on systems that had been compromised by the Lazarus group's tools. These versions were different than the ransomware that spread on Friday. It is unclear whether the Lazarus group put the ransomware on those systems, or someone else did.
"We have not yet been able to confirm the Lazarus tools deployed WannaCry on these systems," a Symantec spokesperson said in a statement to CNNTech. "While these connections exist, they so far only represent weak connections. We are continuing to investigate for stronger connections."
Kaspersky Lab, a security company, has also published the similarities. The Lazarus group was linked to the 2014 hack of Sony Pictures and attacks on banks around the world.
For more: CNN.com