Malware News Is WannaCry linked to the Lazarus Group?

Winter Soldier

Level 25
Thread author
Verified
Top Poster
Well-known
Feb 13, 2017
1,486
As last Friday’s WannaCry (WannaCrypt) ransomware attack continues to cause ripples around the globe, links have emerged between the malware code and the infamous Lazarus Group.

Lazarus is the group responsible for attacks on the Bangladesh Central Bank last year, Sony Pictures Entertainment in 2014, and more financial attacks in at least 18 countries.

Yesterday, a Google researcher, Neel Mehta, posted a code sample on Twitter that hints at a similarity between WannaCrypt and malware samples used by Lazarus in 2015.

Researchers at Kaspersky Lab‘s GReAT team analyzed the information and identified and confirmed clear code similarities between the malware samples. However, they point out that this could be a false flag operation, intended to divert suspicion from the real perpetrators.

Although this similarity alone doesn’t show proof of a strong connection between the WannaCry ransomware and the Lazarus Group, it could lead to other links that would shed light on the origins of WannaCry, which at the moment remain a mystery.

There’s more detailed information on the research on the Kaspersky SecureList blog.
 

ElectricSheep

Level 14
Verified
Top Poster
Well-known
Aug 31, 2014
655
Who knows who is responsible for it. But there's certainly a lot of finger pointing going on with all these groups blaming each other for it!

M$ blaming CIA for stockpiling.
CIA blaming M$ for backdoor.
The list just goes on and on and it's too early to try think of more:p
 

Winter Soldier

Level 25
Thread author
Verified
Top Poster
Well-known
Feb 13, 2017
1,486
Who knows who is responsible for it. But there's certainly a lot of finger pointing going on with all these groups blaming each other for it!

M$ blaming CIA for stockpiling.
CIA blaming M$ for backdoor.
The list just goes on and on and it's too early to try think of more:p
Good point buddy and we are into the mess!
 

cruelsister

Level 43
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,224
I can't believe Kaspersky would chime in on this at all. Those that code know that there are certain shortcuts/tweaks/paroxysms that one finds in code that can be almost like a specific accent. I know this to be true as colleagues have said that even a Blind Script-Kiddie could see my hallmarks.

The Kill malware used against the Ukrainian infrastructure showed these hallmarks. Not saying who, but...

Anyway I saw the group responsible for Wanna threatens to start an Exploit a Month club. If they are only out for cash they could do better financially by selling the exploit to the Vendor (right, Endgame?), and if they are out just to cause mayhem they wouldn't market this stuff at all.

Personally I think they are just a bunch of Chumps who got lucky:

"Life is but a walking shadow, a poor player
That struts and frets his hour upon the stage
And then is heard no more: it is a tale
Told by an idiot, full of sound and fury,
Signifying nothing."
 
5

509322

When it comes to IT security speculation and hyperbole, these guys display the right attitude:

thIHT96T3U.jpg


Three Stooge Media Hype LLC

"We'll get it right for you..."
 
Last edited by a moderator:

Myriad

Level 7
Verified
Well-known
May 22, 2016
349
Personally I think they are just a bunch of Chumps who got lucky:

Yes indeed sister ....

I've been thinking the same way since the weekend , even more so since I saw yesterday's posts in the parallel thread here ,
and the chump-change they appear to have made from their efforts .

There is something fishy and off-kilter about this recent episode , no doubt .
The Lazarus group were way more slick .... Sony were left standing there with their " pants pulled down " , for all to see ,
and no "smoking gun" either .

My apologies for recklessly mixing my metaphors .... :)
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top