US Blames North Korea For WannaCry, But Are Trump's Cyber Sleuths Wrong?
The Trump administration blamed North Korea for the massive WannaCry ransomware outbreak Monday night in an op-ed in the Wall Street Journal. The article was penned by Tom Bossert, key Trump cybersecurity adviser and assistant to the president for homeland security and counterterrorism.
Whilst the article produced no new evidence that North Korea carried out the attack, it cited previous attribution from the U.K. and Microsoft. Bossert said other private companies and governments had come to the same conclusion.
Shortly after the attacks in May that crippled U.K. hospitals, infected medical equipment and caused widespread chaos, cybersecurity researchers from Google, Comae Technologies, Kaspersky Lab and Symantec all made technical links between the WannaCry malware and the Lazarus Group, a cyberespionage crew previously associated with North Korean-government operations.
Describing the attacks as “cowardly, costly and careless,” Bossert added: “The attack was widespread and cost billions, and North Korea is directly responsible.
“North Korea has acted especially badly, largely unchecked, for more than a decade, and its malicious behavior is growing more egregious. WannaCry was indiscriminately reckless.
“Mr. Trump has already pulled many levers of pressure to address North Korea’s unacceptable nuclear and missile developments, and we will continue to use our maximum pressure strategy to curb Pyongyang’s ability to mount attacks, cyber or otherwise.”
Expect more attacks
Bossert and the U.S. were late in publicly attributing the attacks to North Korea. Not that their attribution has been widely contested: there’s little doubt consensus is emerging amongst intelligence and law enforcement agencies and security companies that Kim Jong-un’s regime ordered the attacks. The U.K., for instance, had linked the nation to the attacks as far back as June, and at least one cybersecurity company that works closely with major governments has told Forbes it is close to 100% certain that North Korea is the culprit. The escalating political tensions between the U.S. and North Korea, in particular those around the threats of nuclear war, could well have contributed to Bossert’s claims coming so late in the year.
Currently, the public evidence includes similarities across malware used by Lazarus Group and the WannaCry ransomware, including the use of similar code and encryption algorithms. It’s likely that neither the U.S. nor the U.K. will release the additional information they’ve acquired on attributing WannaCry to North Korea, “usually because they don’t want their adversaries to know or not know their intel capabilities,” noted Comae Technologies chief Matthieu Suiche.
He said that there has recently been a surge of cryptocurrency exchanges getting hacked by the Lazarus Group. WannaCry, as ransomware, demanded payment in bitcoin. “Maybe WannaCry was just a transitional phase from traditional SWIFT heists to the cryptocurrency world,” Suiche added. “If now governments are officially acknowledging North Korea as a threat, and denouncing the lack of consequences, we can definitely expect a desperate surge of attacks from them in 2018 until an official government response happens.”