As countries across the world are still scrambling to come to grips with the massive WannaCry “ransomware” cyber-attack, security researchers have discovered some clues about who may be behind it.
Researchers have found some leads linking North Korea to the “ransomware” attack, which infected over 300,000 computers in 150 countries earlier in the month.
“The crux of the allegations against North Korea is its connection to a hacking group called Lazarus that is linked to last year’s $81 million cyber heist at the Bangladesh central bank and the 2014 attack on Sony’s Hollywood studio,” writes Reuters. “The U.S. government has blamed North Korea for the Sony hack and some U.S. officials have said prosecutors are building a case against Pyongyang in the Bangladesh Bank theft.”
So far, no criminal charges have been filed regarding North Korea’s involvement in the Sony and banking attacks. The country has denied being behind them, along with the most recent WannaCry outbreak.
However, experts have found some clues from sources inside North Korea.
Kim Heung-kwang, who was a computer science professor in North Korea before relocating to the South in 2004, has sources placing the blame for Pyongyang’s cyber-attacks on a special unit known as Unit 180, a part of the country’s intelligence agency, the Reconnaissance General Bureau (RGB).
“Unit 180 is engaged in hacking financial institutions (by) breaching and withdrawing money out of bank accounts,” said Kim to Reuters. “The hackers go overseas to find somewhere with better internet services than North Korea so as not to leave a trace.”
The former professor also said the country has a cyber army, where some of his past students now work.
Unit 180 is just one of the many elite cyber warfare groups in the country working for the intelligence community.
“The personnel are recruited from senior middle schools and receive advanced training at some elite training institutions,” said Michael Madden, a U.S.-based expert on the North Korean leadership, to Reuters. “They have a certain amount of autonomy in their missions and tasking as well.”
North Korea expert James Lewis said the hacking was originally used for espionage, but quickly morphed to support criminal activities.
“They changed after Sony by using hacking to support criminal activities to generate hard currency for the regime,” said Lewis. “So far, it’s worked as well or better as drugs, counterfeiting, smuggling – all their usual tricks.”
South Korean officials have also said that North Korea is good at covering its tracks.
“North Korea is carrying out cyber-attacks through third countries to cover up the origin of the attacks and using their information and communication technology infrastructure,” said Ahn Chong-ghee, South Korea’s vice foreign minister, to Reuters.
Although technical evidence has not been found linking North Korea to the “ransomware” attack, the country has the capabilities to be responsible for this month’s cyberwarfare.
“Their capabilities have improved steadily over time, and we consider them to be a threat actor that is capable of inflicting significant damage on U.S. private or government networks,” said Dmitri Alperovitch, co-founder of the U.S. security firm CrowdStrike Inc.
Author’s note: With all of this being said, nuclear warheads aren’t the only thing we should fear from North Korea. Cyber warfare could be equally dangerous, especially since the country is so hostile.
Editor’s note: Unfortunately, cyber crime is an area where one can gain a great deal of expertise very quickly. It is relatively easy to hire underground experts to teach this craft. I suspect North Korea is very good at identifying talent in their population to use for this endeavor. In short, if they want to be a player on the world stage, this may be a good bet.