The UK’s National Cyber Security Centre (NCSC) has concluded that last month’s widespread WannaCry malware attack originated from a North Korean hacking group. More specifically, the ransomware attack is being pinned on North Korea’s state sponsored Lazarus group, which as previously been involved in cyber attacks linking back to North Korea’s government.
The NCSC performed its own investigation following the WannaCry attack, which had a huge impact on on the NHS specifically, knocking out tens of thousands of PCs across the UK. According to security sources speaking with The BBC, NCSC does believe that Lazarus is behind the attack, though it is unknown if this money-making scheme was intended to target the NHS at all.
This is the same hacking group that reports claim was behind the Sony hack in 2014. Beyond that, it is also believed that Lazarus has been behind cyber attacks on banks. In each case, the main goal appears to gathering money. Some reports indicate that some of the code used in the WannaCry attack matches up with code used in these previous attacks.
The US Computer Emergency Response Team is also pointing its finger at Lazarus and North Korea for this latest widespread attack. All of this news follows after Microsoft issued another emergency patch for legacy versions of WIndows, adding further security to defend against another WannaCry style attack.