As last Friday’s WannaCry (WannaCrypt) ransomware attack continues to cause ripples around the globe, links have emerged between the malware code and the infamous Lazarus Group.
Lazarus is the group responsible for attacks on the Bangladesh Central Bank last year, Sony Pictures Entertainment in 2014, and more financial attacks in at least 18 countries.
Yesterday, a Google researcher, Neel Mehta, posted a code sample on Twitter that hints at a similarity between WannaCrypt and malware samples used by Lazarus in 2015.
Researchers at Kaspersky Lab’s GReAT team analyzed the information and identified and confirmed clear code similarities between the malware samples. However, they point out that this could be a false flag operation, intended to divert suspicion from the real perpetrators.
Although this similarity alone is not proof of a strong connection between the WannaCry ransomware and the Lazarus Group, it could lead to other links that would shed light on the origins of WannaCry, which at the moment remain a mystery.
There’s more detailed information on the research on the Kaspersky SecureList blog.