London/Washington: As the world struggles to identify the cybercriminals behind the global ransomware attack that hit 150 countries over the weekend, Neel Mehta, an Indian-origin security researcher working with Google, has claimed on Twitter that the hackers may have links to North Korea.
According to Mehta’s discovery, the ‘Lazarus Group’ that works on behalf of North Koreans may be behind the attack as the hacking group has, in the past, used the same coding and tools as were used in ‘WannaCrypt’ — the software used in the current hacking into the Microsoft operating software.
Mehta, a University of British Columbia graduate who earlier worked with IBM Internet Security Systems, posted “codes” on Twitter, potentially pointing at a connection between the ‘WannaCrypt’ ransomware attacks and the malware attributed to the infamous ‘Lazarus Group’, responsible for a series of devastating attacks against government organisations, media and financial institutions.
“Our researchers analysed this information, identified and confirmed clear code similarities between the malware sample highlighted by the Google researcher and the malware samples used by the ‘Lazarus Group’ in the 2015 attacks,” Altaf Halde, Managing Director of Kaspersky Lab (South Asia), said, adding, “Neel Mehta’s discovery is the most significant clue to date regarding the origins of WannaCrypt.”
In 2014, Mehta uncovered the ‘Heartbleed’ security bug that left millions of websites, online stores and social networks with a major security hole in place.
‘Lazarus Group’, that according to Mehta is based in China, was responsible for a major hack on Sony Pictures in 2014 and another on a Bangladeshi bank in 2016. Kaspersky Lab, however, noted that a lot more information was needed about earlier versions of ‘WannaCrypt’ before any firm conclusion could be reached.