NSA points to North Korea as culprit in “WannaCry” ransomware attack

Posted on: 2017-06-16 13:53 KST | Modified on: 2017-06-16 13:53 KST
Evidence indicates North Korea’s Reconnaissance General Bureau was behind apparent effort to raise money for the regime
A computer hit by a ransomware attack

The US National Security Agency (NSA) has concluded that North Korea’s Reconnaissance General Bureau (RGB) was implicated in the “WannaCry” ransomware attack that took place last month, the US media reported on June 14.

Quoting US intelligence officials, the Washington Post reported that this conclusion, “which was issued internally last week and has not been made public, is based on an analysis of tactics, techniques and targets” of the ransomware attack, which “affected more than 300,000 people in some 150 countries last month.” These factors “point with ‘moderate confidence’ to North Korea’s spy agency, the Reconnaissance General Bureau,” the newspaper said.

WannaCry encrypts files and then offers to decrypt them for a payment of bitcoins. “The assessment states that ‘cyber actors’ suspected to be ‘sponsored by’ the RGB were behind two versions of WannaCry, a worm that was built around an NSA hacking tool that had been obtained and posted online last year by an anonymous group calling itself the Shadow Brokers,” the Washington Post said.

“WannaCry was apparently an attempt to raise revenue for the regime, but analysts said the effort was flawed. Though the hackers raised $140,000 in bitcoin, a form of digital currency, so far they have not cashed it in, the analysts said,” according to the Washington Post. “That is likely because an operational error has made the transactions easy to track, including by law enforcement.”

“Though the assessment is not conclusive, the preponderance of the evidence points to Pyongyang. It includes the range of computer Internet protocol addresses in China historically used by the RGB, and the assessment [that North Korea was behind the attack] is consistent with intelligence gathered recently by other Western spy agencies,” the newspaper said.

“Last year, security researchers identified North Korea as the culprit behind a series of cyber-enabled heists of banks in Asia, including one in Bangladesh that netted more than $81 million by manipulating the bank’s global payments messaging system,” the Washington Post reported.

Since 2009, the North Korean hacking organization Hidden Cobra has been targeting “the media, aerospace, financial, and critical infrastructure sectors in the United States and globally,” the US Department of Homeland Security and the FBI said in a joint statement released on June 13. The statement called for precautions to be taken against further cyberattacks.

By Hwang Sang-cheol, staff reporter
