North Korean Lazarus botnet linked to WannaCry attack
There have been global reports that a North Korean hacking group was linked to the WannaCry attacks on NHS computers last month.
The hackers were reported to have been sponsored by North Korea’s spy agency, and have strong links to Lazarus, the group responsible for the cyber attack on Sony Pictures Entertainment.
WannaCry was the biggest security breach that the National Cyber Security Centre (NCSC) has ever had to deal with. The NCSC’s incident management function was called in to understand who the victims were, the technical characteristics of the attack, and how it was spreading.
Subsequently, the focus shifted to who was behind the attack and what its initial aim was but, even 5 days after the attack, none of these questions had been conclusively answered.
However, one of the tools used in the attack has been identified as DeltaCharlie, a type of malware used to manage North Korea’s DDoS botnet infrastructure. It is known as part of a collection of North Korean malware tools classified as “Hidden Cobra” by the DHS and FBI.
It is understood that ‘Hidden Cobra actors’ have enhanced their ability to target a number of victims; commercial reporting has referred to this activity as Lazarus Group and Guardians of Peace.
The attacks carried out have been disruptive to say the least, with exfiltration of data occurring in some instances.
The WannaCry attack serves as a reminder that breaches in cyber-security are just as likely to happen to the private sector as the government sector.