Paris – North Korea may have been behind the global cyberattack that has been affecting tens of thousands of government companies and institutions since Friday, experts said.
In the first clues of the origin of the massive ransomware attacks, Google researcher Neel Mehta posted computer code that showed similarities between the “WannaCry” malware and a vast hacking effort widely attributed to Pyongyang.
The code used in the latest attack shared many similarities with past hacks blamed on the North, including the targeting of Sony Pictures, said Simon Choi, director of Seoul internet security firm Hauri.
“I saw signs last year that the North was preparing ransomware attacks or even already beginning to do so, targeting some South Korean companies,” he told AFP.
Choi said Hauri Labs’ findings matched those of Symantec and Kaspersky Lab, who said on Monday that some code in an earlier version of the WannaCry software had also appeared in programs used by the Lazarus Group, identified by some researchers as a North Korea-run hacking operation.
Both Symantec and Kaspersky said it was too early to tell whether North Korea was involved in the attacks, based on the evidence that was published on Twitter by Mehta.
The Lazarus hackers, acting for impoverished North Korea, have been more brazen in their pursuit of financial gain than others, and have been blamed for the theft of $81 million from the Bangladesh central bank, according to some cyber security firms. The United States accused it of being behind a cyberattack on Sony Pictures in 2014.
Isolated, nuclear-armed North Korea is known to operate an army of thousands of hackers working both in the North and, apparently, in China, and has been blamed for a number of major cyberattacks.
North Korea has denied being behind the Sony and banking attacks. North Korean officials were not immediately available for comment and its state media has been quiet about the matter.
US and European security officials told Reuters on condition of anonymity that it was too early to say who might be behind the attacks, but they did not rule out North Korea as a suspect.
After days of disruptions affecting networks worldwide, a top US official said the number of computers affected had reached 300,000, but that infection rates had slowed.
Europol said the situation was “stable” after attacks that struck computers in British hospital wards, European car factories and Russian banks.
But according to Michel Van Den Berghe, director of telecom group Orange’s cyber security arm, a “second wave” is to be expected.
Russia, China and India have blamed the United States government for developing the original code.
Tom Bossert, President Donald Trump’s top cyber and homeland security adviser, brushed aside suggestions that the attack stemmed from a flaw discovered by the US National Security Agency and later leaked.
“This was not a tool developed by the NSA to hold ransom data,” he said, noting that no US government systems had been hit.
Russian President Vladimir Putin earlier had suggested the United States bore responsibility.
“A genie let out of a bottle of this kind, especially created by secret services, can then cause damage to its authors and creators,” the Russian leader said on the sidelines of a summit in Beijing.
Russia has recently been accused of cyber meddling in several countries, but Putin said his country had nothing to do with the attack.
US package delivery giant FedEx, Spanish telecoms giant Telefonica and Germany’s Deutsche Bahn rail network were among those hit. The attackers demanded money to unblock the victims’ computers.
In China, 66 of the country’s universities were affected by the global ransomware attack, authorities said.
The attack blocks computers and puts up images on victims’ screens demanding payment of $300 (275 euros) in the virtual currency Bitcoin, saying: “Ooops, your files have been encrypted!”