WannaCry Malware Outbreak ‘Linked To North Korea’ Claim Google Security Researchers, Kaspersky And Symantec

Researchers have said WannaCry, the malware behind Friday’s wide-spread cyber-attack, may have links to a North Korean hacking group, as NHS trusts began to recover from the disruption caused by the incident.

Google security researcher Neel Mehta first suggested a link with North Korea on Monday when he posted code on Twitter that was found both in an earlier version of WannaCry and in code used in 2015 by a group linked to North Korea’s government.

‘Significant clue’

Other firms, including Kaspersky Lab, Symantec and Matt Suiche of UAE-based Comae Technologies confirmed the code appeared to match.

“Neel Mehta’s discovery is the most significant clue to date regarding the origins of WannaCry,” Kaspersky said in an advisory. “We believe it’s important that other researchers around the world investigate these similarities and attempt to discover more facts about the origin of WannaCry.”

The code found by Mehta was contained in a version of WannaCry from February of this year and a 2015 backdoor used by the hacking group, known as Lazarus Group.


The US government has accused Lazarus and the North Korean government of instigating a 2014 hack on Sony Pictures, while some security researchers say the group was involved in the theft of $81 million (£63m) from Bangladesh’s central bank last year.

Lazarus is also thought to have been behind a disruptive 2013 attack on South Korean broadcasters and banks.

NHS disruption

“Lazarus is operating a malware factory that produces new samples via multiple independent conveyors,” Kaspersky wrote.

Other security firms said the code similarities didn’t necessarily indicate any North Korean involvement WannaCry, with FireEye saying they weren’t strongly suggestive of a link.

North Korea’s mission to the United Nations didn’t immediately respond to a request for comment.

The attack has affected at least 200,000 systems in 150 countries since Friday, according to figures released by Europol over the weekend, affecting the NHS amongst other large European organisations.

In England 47 NHS trusts reported problems at hospitals, with 13 affected in Scotland. No issues were reported in Wales or Northern Ireland.

The BBC said its research suggested 16 of the English trusts were still experiencing issues as of Monday, but found the number of hospitals diverting patients from A&E decreased from seven on Sunday to two on Monday.

Find out about the second wave of WannaCry on page 2

Page: 1 2

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Spyware Maker NSO Group Found Liable In US Court

Landmark ruling finds NSO Group liable on hacking charges in US federal court, after Pegasus…

1 day ago

Microsoft Diversifying 365 Copilot Away From OpenAI

Microsoft reportedly adding internal and third-party AI models to enterprise 365 Copilot offering as it…

1 day ago

Albania Bans TikTok For One Year After Stabbing

Albania to ban access to TikTok for one year after schoolboy stabbed to death, as…

1 day ago

Foldable Shipments Slow In China Amidst Global Growth Pains

Shipments of foldable smartphones show dramatic slowdown in world's biggest smartphone market amidst broader growth…

1 day ago

Google Proposes Remedies After Antitrust Defeat

Google proposes modest remedies to restore search competition, while decrying government overreach and planning appeal

1 day ago

Sega Considers Starting Own Game Subscription Service

Sega 'evaluating' starting its own game subscription service, as on-demand business model makes headway in…

1 day ago