Cyber security researchers have found technical evidence they said could link North Korea with the global WannaCry "ransomware" cyber attack that has infected more than 300,000 computers in 150 countries since Friday.
Symantec and Kaspersky Lab said on Monday that some code in an earlier version of the WannaCry software had also appeared in programs used by the Lazarus Group, which researchers from many companies have identified as a North Korea-run hacking operation.
"This is the best clue we have seen to date as to the origins of WannaCry," Kaspersky Lab researcher Kurt Baumgartner told Reuters.
Both firms said it was too early to tell whether North Korea was involved in the attacks, based on the evidence that was published on Twitter by Google security researcher Neel Mehta. The attacks, which slowed on Monday, are among the fastest-spreading extortion campaigns on record.
The research will be closely followed by law enforcement agencies around the world, including Washington, where President Donald Trump's homeland security adviser said on Monday that both foreign nations and cyber criminals were possible culprits.
The two security firms said they needed to study the code more and asked for others to help with the analysis. Hackers do reuse code from other operations, so even copied lines fall well short of proof.
U.S. and European security officials told Reuters on condition of anonymity that it was too early to say who might be behind the attacks, but they did not rule out North Korea as a suspect.
FireEye Inc, another large cyber security firm, said it was also investigating a possible link.
"The similarities we see between malware linked to that group and WannaCry are not unique enough to be strongly suggestive of a common operator," FireEye researcher John Miller said.
The Lazarus hackers, acting for impoverished North Korea, have been more brazen in pursuit of financial gain than others, and have been blamed for the theft of $81 million from the Bangladesh central bank, according to some cyber security firms. The North Korean mission to the United Nations was not immediately available for comment.
Regardless of the source of the attack, investors piled into cyber security stocks on Monday, betting that governments and corporations will spend more to upgrade their defences.
SMALL PAYOUT
The perpetrators had raised less than $70,000 from users paying to regain access to their computers, according to Trump homeland security adviser Tom Bossert.
"We are not aware if payments have led to any data recovery," Bossert said, adding that no U.S. federal government systems had been affected.
WannaCry demanded ransoms starting at $300, in line with many cyber extortion campaigns, which keep pricing low so more victims will pay.
Still, some security experts said they were not sure if the motive of WannaCry was primarily to make money, noting that large cyber extortion campaigns typically generate millions of dollars of revenue.
“I believe that this was spread for the purpose of causing as much damage as possible,” said Matthew Hickey, a co-founder of British cyber consulting firm Hacker House.
The countries most affected by WannaCry to date are Russia, Taiwan, Ukraine and India, according to Czech security firm Avast.
The number of infections has fallen dramatically since Friday’s peak when more than 9,000 computers were being hit per hour. Earlier on Monday, Chinese traffic police and schools reported they had been targeted as the attack rolled into Asia for the new work week, but no there were no major disruptions.
Authorities in Europe and the United States turned their attention to preventing hackers from spreading new versions of the virus.
Shares in firms that provide cyber security services rose sharply, led by Israel's Cyren Ltd and U.S.-based FireEye.
Cisco Systems closed up 2.3 percent and was the second-biggest gainer in the Dow Jones Industrial Average, as investors focussed more on opportunities that the attack presented for technology firms than the risk it posed to corporations.
Morgan Stanley, in upgrading the stock, said Cisco should benefit from network spending driven by security needs.
POLITICAL TOPIC
Beyond the immediate need to shore up computer defences, the attack turned cyber security into a political topic in Europe and the United States, including discussion of the role national governments play.
In a blog post on Sunday, Microsoft Corp President Brad Smith confirmed what researchers already widely concluded: The attack made use of a hacking tool built by the U.S. National Security Agency (NSA) that had leaked online in April.
He poured fuel on a long-running debate over how government intelligence services should balance their desire to keep software flaws secret - in order to conduct espionage and cyber warfare - against sharing those flaws with technology companies to better secure the internet.
On Monday, Bossert sought to distance the NSA from any blame.
"This was not a tool developed by the NSA to hold ransom data. This was a tool developed by culpable parties, potentially criminals or foreign nation-states, that were put together in such a way as to deliver phishing emails, put it into embedded documents, and cause infection, encryption and locking," Bossert said.
Russian President Vladimir Putin, noting the technology's link to the U.S. spy service, said it should be "discussed immediately on a serious political level."
"Once they're let out of the lamp, genies of this kind, especially those created by intelligence services, can later do damage to their authors and creators," he said.
Reuters
Tue May 16 2017
![Researchers see possible North Korea link to global cyber attack Researchers see possible North Korea link to global cyber attack](https://resizer-awani.eco.astro.com.my/tr:w-177,h-100,q-100,f-auto/http://img.astroawani.com/2017-05/61494906981_cyberattack.jpg)
A projection of cyber code on a hooded man is pictured in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel/Illustration/Files
AWANI 7:45 [16/07/2024] - Suspek dibawa ke lokasi | Selamat tinggal rakyat Malaysia | Harimau Malaya hilang taring?
- Polis sahkan suspek bunuh Kartini anggota polis.
- Pan-Gon enggan dedah punca letak jawatan.
- Faisal Halim sedih mentor Pan-Gon undur diri.
- Pakai reben putih di Parlimen, tak salah.
- Pan-Gon enggan dedah punca letak jawatan.
- Faisal Halim sedih mentor Pan-Gon undur diri.
- Pakai reben putih di Parlimen, tak salah.
![E-sukan harus dijadikan kepentingan sehingga ke peringkat lebih tinggi E-sukan harus dijadikan kepentingan sehingga ke peringkat lebih tinggi](https://resizer-awani.eco.astro.com.my/tr:w-177,h-100,q-100,f-auto/https://img.astroawani.com/2024-07/61721128633_MohdHidayatMohdSa.jpg)
E-sukan harus dijadikan kepentingan sehingga ke peringkat lebih tinggi
Kerajaan juga harus wujudkan sebuah dasar yang jelas supaya kepentingan e-sukan ini mampu diperkembangkan ke masa hadapan.
![Kerajaan pandang serius penularan ideologi liberalism, pluralism Kerajaan pandang serius penularan ideologi liberalism, pluralism](https://resizer-awani.eco.astro.com.my/tr:w-177,h-100,q-100,f-auto/https://img.astroawani.com/2024-07/61721122322_ZulkifliHasan.jpg)
Kerajaan pandang serius penularan ideologi liberalism, pluralism
Kerajaan sentiasa memandang serius terhadap penularan ideologi dan aliran pemikiran yang bercanggah dengan ajaran Islam seperti ideologi liberalism dan pluralism agama.
![Tidak dapat tidak, atlet RTG mesti bawa pulang emas - MOM Tidak dapat tidak, atlet RTG mesti bawa pulang emas - MOM](https://resizer-awani.eco.astro.com.my/tr:w-177,h-100,q-100,f-auto/https://img.astroawani.com/2024-03/61710754100_MohdNazifuddinNaji.jpg)
Tidak dapat tidak, atlet RTG mesti bawa pulang emas - MOM
Atlet di bawah projek Road To Gold (RTG) tidak mempunyai pilihan selain memenangi emas yang diidam-idamkan Malaysia pada Sukan Olimpik 2024 di Paris.
![KEDA peruntuk RM3.37 juta tahun ini bagi keterjaminan makanan KEDA peruntuk RM3.37 juta tahun ini bagi keterjaminan makanan](https://resizer-awani.eco.astro.com.my/tr:w-177,h-100,q-100,f-auto/https://img.astroawani.com/2023-09/41693913999_RubiahWang.jpg)
KEDA peruntuk RM3.37 juta tahun ini bagi keterjaminan makanan
Lembaga Kemajuan Wilayah Kedah (KEDA) memperuntukkan RM3.37 juta pada tahun ini bagi memastikan keterjaminan makanan negara.
![Dewan Rakyat lulus RUU Agensi Kawalan dan Perlindungan Sempadan Malaysia Dewan Rakyat lulus RUU Agensi Kawalan dan Perlindungan Sempadan Malaysia](https://resizer-awani.eco.astro.com.my/tr:w-177,h-100,q-100,f-auto/https://img.astroawani.com/2024-07/41721021538_TBSHAMSUL.jpg)
Dewan Rakyat lulus RUU Agensi Kawalan dan Perlindungan Sempadan Malaysia
Rang Undang-Undang Agensi Kawalan dan Perlindungan Sempadan Malaysia 2024 yang bertujuan menubuhkan MCBA diluluskan persidangan Dewan Rakyat, hari ini.
![PAC akan mulakan prosiding isu dibangkit LKAN Siri 2/2024 PAC akan mulakan prosiding isu dibangkit LKAN Siri 2/2024](https://resizer-awani.eco.astro.com.my/tr:w-177,h-100,q-100,f-auto/https://img.astroawani.com/2024-03/61710922383_MasErmieyatiSamsud.jpg)
PAC akan mulakan prosiding isu dibangkit LKAN Siri 2/2024
Jawatankuasa Kira-Kira Wang Negara (PAC) akan memulakan prosiding bagi empat isu yang dibangkitkan dalam Laporan Ketua Audit Negara (LKAN) Siri 2/2024.
AWANI Ringkas: Kes bunuh Nur Farah Kartini | Skandal LCS
Ikuti rangkuman berita utama yang menjadi tumpuan sepanjang hari di Astro AWANI menerusi AWANI Ringkas.
ADUN Rembia sertai Pas, kenapa tak umum tahun lepas? - MP Kampar
Chong Zhemin, tindakan tersebut seolah-olah satu penghinaan paling besar kepada Parlimen yang telah meluluskan pindaan Perlembagaan Persekutuan berkait Akta Antilompat Parti.
Masuk Pas untuk sama-sama susah dengan rakyat - ADUN Rembia
Muhamad Jailani berkata, sebelum ini beliau pernah menghantar surat kepada Lembaga Disiplin UMNO memohon untuk memecat keahliannya daripada parti Melayu itu.