Malware News Is WannaCry linked to the Lazarus Group?

Winter Soldier

As last Friday’s WannaCry (WannaCrypt) ransomware attack continues to cause ripples around the globe, links have emerged between the malware code and the infamous Lazarus Group.

Lazarus is the group responsible for attacks on the Bangladesh Central Bank last year, Sony Pictures Entertainment in 2014, and more financial attacks in at least 18 countries.

Yesterday, a Google researcher, Neel Mehta, posted a code sample on Twitter that hints at a similarity between WannaCrypt and malware samples used by Lazarus in 2015.

Researchers at Kaspersky Lab’s GReAT team analyzed the information and identified and confirmed clear code similarities between the malware samples. However, they point out that this could be a false flag operation, intended to divert suspicion from the real perpetrators.

Although this similarity alone doesn’t show proof of a strong connection between the WannaCry ransomware and the Lazarus Group, it could lead to other links that would shed light on the origins of WannaCry, which at the moment remain a mystery.

There’s more detailed information on the research on the Kaspersky SecureList blog.
 

ElectricSheep

Who knows who is responsible for it. But there's certainly a lot of finger pointing going on with all these groups blaming each other for it!

M$ blaming CIA for stockpiling.
CIA blaming M$ for backdoor.
The list just goes on and on and it's too early to try to think of more :p
 

Winter Soldier

Good point buddy and we are into the mess!
 

cruelsister

I can't believe Kaspersky would chime in on this at all. Those that code know that there are certain shortcuts/tweaks/paroxysms that one finds in code that can be almost like a specific accent. I know this to be true as colleagues have said that even a Blind Script-Kiddie could see my hallmarks.

The Kill malware used against the Ukrainian infrastructure showed these hallmarks. Not saying who, but...

Anyway I saw the group responsible for Wanna threatens to start an Exploit a Month club. If they are only out for cash they could do better financially by selling the exploit to the Vendor (right, Endgame?), and if they are out just to cause mayhem they wouldn't market this stuff at all.

Personally I think they are just a bunch of Chumps who got lucky:

"Life is but a walking shadow, a poor player
That struts and frets his hour upon the stage
And then is heard no more: it is a tale
Told by an idiot, full of sound and fury,
Signifying nothing."
 

509322

When it comes to IT security speculation and hyperbole, these guys display the right attitude:

[Image: thIHT96T3U.jpg]


Three Stooge Media Hype LLC

"We'll get it right for you..."
 

Myriad

Personally I think they are just a bunch of Chumps who got lucky:

Yes indeed sister ....

I've been thinking the same way since the weekend, even more so since I saw yesterday's posts in the parallel thread here,
and the chump-change they appear to have made from their efforts.

There is something fishy and off-kilter about this recent episode, no doubt.
The Lazarus group were way more slick .... Sony were left standing there with their "pants pulled down", for all to see,
and no "smoking gun" either.

My apologies for recklessly mixing my metaphors .... :)
 
