WannaCry Malware Outbreak ‘Linked To North Korea’ Claim Google Security Researchers, Kaspersky And Symantec

Researchers have said WannaCry, the malware behind Friday’s widespread cyber-attack, may have links to a North Korean hacking group, as NHS trusts began to recover from the disruption caused by the incident.

Google security researcher Neel Mehta first suggested a link with North Korea on Monday when he posted code on Twitter that was found both in an earlier version of WannaCry and in code used in 2015 by a group linked to North Korea’s government.

‘Significant clue’

Other firms, including Kaspersky Lab, Symantec and Matt Suiche of UAE-based Comae Technologies, confirmed the code appeared to match.

“Neel Mehta’s discovery is the most significant clue to date regarding the origins of WannaCry,” Kaspersky said in an advisory. “We believe it’s important that other researchers around the world investigate these similarities and attempt to discover more facts about the origin of WannaCry.”

The code found by Mehta was contained in a version of WannaCry from February of this year and a 2015 backdoor used by the hacking group, known as Lazarus Group.


The US government has accused Lazarus and the North Korean government of instigating a 2014 hack on Sony Pictures, while some security researchers say the group was involved in the theft of $81 million (£63m) from Bangladesh’s central bank last year.

Lazarus is also thought to have been behind a disruptive 2013 attack on South Korean broadcasters and banks.

NHS disruption

“Lazarus is operating a malware factory that produces new samples via multiple independent conveyors,” Kaspersky wrote.

Other security firms said the code similarities didn’t necessarily indicate any North Korean involvement in WannaCry, with FireEye saying they weren’t strongly suggestive of a link.

North Korea’s mission to the United Nations didn’t immediately respond to a request for comment.

The attack has affected at least 200,000 systems in 150 countries since Friday, according to figures released by Europol over the weekend, affecting the NHS amongst other large European organisations.

In England 47 NHS trusts reported problems at hospitals, with 13 affected in Scotland. No issues were reported in Wales or Northern Ireland.

The BBC said its research suggested 16 of the English trusts were still experiencing issues as of Monday, but found the number of hospitals diverting patients from A&E decreased from seven on Sunday to two on Monday.


Matthew Broersma

Matt Broersma is a long-standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications.
