Neel Mehta, an Indian-origin security researcher with Google, said he has found evidence suggesting that North Korean hackers may have carried out the “unprecedented” ransomware cyber attack that hit over 150 countries, including India.
He has published code that a Russian security firm has termed the “most significant clue to date”, the BBC reported today.
“Neel Mehta’s discovery is the most significant clue to date regarding the origins of WannaCry,” said Russian security firm Kaspersky, which noted that a lot more information is needed about earlier versions of WannaCry before any conclusion can be reached, the BBC reported. “It is important that researchers around the world probe these similarities and discover more facts about the origin of WannaCry,” it said.
Researchers on Twitter claimed some of the code used in Friday’s ransomware, known as WannaCry, was nearly identical to code used by the Lazarus Group, a group of North Korean hackers who used a similar version for the devastating hack of Sony Pictures Entertainment in 2014 and last year’s hack of Bangladesh Central Bank.
Mehta has found similarities between code found within WannaCry and other tools believed to have been created by Lazarus Group in the past.
Security firm Symantec says it has "identified the presence of tools exclusively used by Lazarus on machines also infected with earlier versions of WannaCry," which could have been used to help spread the worm to vulnerable computers. The company adds that the shared code is based on "a specific sequence of 75 ciphers, which to date have only been seen across Lazarus tools."