Kaspersky agrees WannaCry attacks could be work of Lazarus hackers
Russia-based Kaspersky Lab, a well-regarded computer-security firm, has confirmed there are key similarities between the recent WannaCry ransomware attacks and malware distributed previously by a hacker group called Lazarus.
But Kaspersky cautioned in a statement that there is still no “proof of a strong connection” and that “the similarity of course could be a false-flag operation” meant to divert blame for the ransomware attacks.
In its statement, Kaspersky largely backs the finding that a Google security researcher posted on Twitter on Monday “potentially pointing at a connection” between WannaCry and “the malware attributed to the infamous Lazarus hacking group, responsible for a series of devastating attacks against government organisations, media and financial institutions.
“The largest operations linked to the Lazarus group include the attacks against Sony Pictures in 2014, the Central Bank of Bangladesh cyber heist in 2016 and a subsequent series of similar attacks that continued in 2017.”
Kaspersky Labs researchers analysed the Google staffer’s information that an initial “sample” of WannaCry malware appeared in February this year “and confirmed clear code similarities” with the malware used by Lazarus in the 2015 attacks.
“The similarity of course could be a false-flag operation”, Kaspersky said, but the comparison shows that the code pointing to Lazarus “was removed from the WannaCry malware used in the attacks started last Friday. This can be an attempt to cover traces conducted by the orchestrators of the WannaCry campaign.
“Although this similarity alone doesn’t allow proof of a strong connection between the WannaCry ransomware and the Lazarus group, it can potentially lead to new ones which would shed light on the WannaCry origin, which at the moment remains a mystery.”