WannaCry Malware Outbreak ‘Linked To North Korea’ Claim Google Security Researchers, Kaspersky And Symantec

Researchers have said WannaCry, the malware behind Friday’s wide-spread cyber-attack, may have links to a North Korean hacking group, as NHS trusts began to recover from the disruption caused by the incident.

Google security researcher Neel Mehta first suggested a link with North Korea on Monday when he posted code on Twitter that was found both in an earlier version of WannaCry and in code used in 2015 by a group linked to North Korea’s government.

‘Significant clue’

Other firms, including Kaspersky Lab, Symantec and Matt Suiche of UAE-based Comae Technologies confirmed the code appeared to match.

“Neel Mehta’s discovery is the most significant clue to date regarding the origins of WannaCry,” Kaspersky said in an advisory. “We believe it’s important that other researchers around the world investigate these similarities and attempt to discover more facts about the origin of WannaCry.”

The code found by Mehta was contained in a version of WannaCry from February of this year and a 2015 backdoor used by the hacking group, known as Lazarus Group.


The US government has accused Lazarus and the North Korean government of instigating a 2014 hack on Sony Pictures, while some security researchers say the group was involved in the theft of $81 million (£63m) from Bangladesh’s central bank last year.

Lazarus is also thought to have been behind a disruptive 2013 attack on South Korean broadcasters and banks.

NHS disruption

“Lazarus is operating a malware factory that produces new samples via multiple independent conveyors,” Kaspersky wrote.

Other security firms said the code similarities didn’t necessarily indicate any North Korean involvement WannaCry, with FireEye saying they weren’t strongly suggestive of a link.

North Korea’s mission to the United Nations didn’t immediately respond to a request for comment.

The attack has affected at least 200,000 systems in 150 countries since Friday, according to figures released by Europol over the weekend, affecting the NHS amongst other large European organisations.

In England 47 NHS trusts reported problems at hospitals, with 13 affected in Scotland. No issues were reported in Wales or Northern Ireland.

The BBC said its research suggested 16 of the English trusts were still experiencing issues as of Monday, but found the number of hospitals diverting patients from A&E decreased from seven on Sunday to two on Monday.

Find out about the second wave of WannaCry on page 2

Page: 1 2

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

7 mins ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

27 mins ago

Dutch PM Raises Cyber Espionage Case With China’s Xi

Beijing visit sees Dutch Prime Minister Mark Rutte discuss cyber espionage incident with Chinese President…

1 hour ago

Vodafone Germany Confirms 2,000 Job Losses, Amid European Restructuring

More downsizing at Vodafone after German operation announces 2,000 jobs will be axed, as automation…

18 hours ago

AI Poses ‘Jobs Apocalypse’, Warns Report

IPPR report warns AI could remove almost 8 million jobs in the United Kingdom, with…

18 hours ago

Europe’s Longest Hyperloop Test Track Opens

European Hyperloop Center in the Netherlands seeks to advance futuristic transport technology, despite US setbacks

19 hours ago