June 16 (UPI) — North Korea could be behind the WannaCry malware virus attack that paralyzed computers in more than 150 countries in May, according to the National Security Agency.
The Washington Post reported Wednesday the NSA made an assessment last week and with “moderate confidence” could say Pyongyang’s Reconnaissance General Bureau was behind the cyberattack that affected 300,000 computer users worldwide.
The North Korean spy agency is believed to have hired “cyber actors” for the task to infect computers with WannaCry, a computer worm that was built around an NSA hacking tool made available by Shadow Brokers, an anonymous group.
Tactics, techniques and targets were analyzed to make the assessment, according to the report.
Internet protocol addresses linked to attacks were traced to locations in China previously used by North Korea. The discovery of a WannaCry ransomware prototype at an overseas bank was the “building block” for the case.
Michael Sulmeyer, director of the cybersecurity project at Harvard’s Kennedy School, said the assessment confirmed, “You don’t have to be the best in the business to cause a lot of disruption.”
Hackers linked to the WannaCry attacks raised about $140,000 in bitcoin, from victims who paid ransoms in return for restored access.
The members of the cybercrime network Lazarus have so far been unable to cash in the money, possibly raised for North Korea revenue, because no online currency exchange will handle the bills, according to Jake Williams of Rendition Infosec, a cybersecurity company.
Shadow Brokers, the group that made the NSA hacking tool available online, may not necessarily be aligned with North Korea or any other government.
In May, the group of hackers said they would “dump” data related to North Korea nuclear and missile programs, and also divulge information on the weapons of Russia, China and Iran.
Shadow Brokers also claimed responsibility for the global ransomware attack.