Washington: Cyber security researchers have found technical clues they said could link North Korea with the global WannaCry ransomware cyber attack that has infected more than 300,000 machines in 150 countries since Friday.
Symantec and Kaspersky Lab say some code in an earlier version of the WannaCry software had also appeared in programs used by the Lazarus Group, which researchers from many companies have identified as a North Korea-run hacking operation that hit South Korean banks and TV stations, the Bangladesh Central Bank and Sony previously.
Microsoft slams US government over ransomware
Microsoft blames the US government for not disclosing software vulnerabilities after officials across the globe scrambled to catch the culprits behind a massive ransomware worm.
"This is the best clue we have seen to date as to the origins of WannaCry," Kaspersky Lab researcher Kurt Baumgartner said.
Both firms said it was too early to tell whether North Korea was involved in the attacks, which slowed to a crawl on Monday but have already become one of the fastest-spreading extortion campaigns on record.
The cyber companies' research will be closely followed by law enforcement agencies around the world, including Washington, where US President Donald Trump's homeland security adviser said on Monday that both foreign nations and cyber criminals were possible culprits.
The two companies said they needed to study the code more and asked for others to help with the analysis. Hackers do reuse code from other operations, so even copied lines fall well short of proof.
US and European security officials said, on condition of anonymity, that it was still too early to say who might be behind the attacks, but they did not rule out North Korea as a suspect.
The Lazarus hackers, acting for impoverished North Korea, have been more brazen in pursuit of financial gain than others, and have been blamed for the theft of $US81 million ($109 million) from a Bangladesh bank. The North Korean mission to the United Nations was not immediately available for comment.
Regardless of the source of the attack, investors piled into cyber security stocks on Monday, betting that governments and corporations will spend more to upgrade their defences.
The perpetrators had raised less than $US70,000 from users looking to regain access to their computers, according to Trump homeland security adviser Tom Bossert.
"We are not aware if payments have led to any data recovery," Bossert said, adding that no federal government systems had been affected.
Beyond the immediate need to shore up computer defences, the attack has turned cyber security into a political topic in Europe and the United States, including discussion of the role national governments play.
In a blog post on Sunday, Microsoft President Brad Smith confirmed what researchers already widely concluded: the attack made use of a hacking tool built by the US National Security Agency (NSA) that had leaked online in April.
He poured fuel on a long-running debate over how government intelligence services should balance their desire to keep software flaws secret - in order to conduct espionage and cyber warfare - against sharing those flaws with technology companies to better secure the internet.
Reuters