London: The “unprecedented” ransomware cyberattack that hit over 150 countries, including India could be the handiwork of North Korean hackers if the evidence found by an Indian-origin security researcher with Google is any indication.
Neel Mehta has published a code which a Russian security firm has termed as the “most significant clue to date”, it was reported.
The code, published on Twitter, is exclusive to North Korean hackers, researchers said.
Researchers have said that some of the code used in Friday’s ransomware, known as WannaCry software, was nearly identical to the code used by the Lazarus Group, a group of North Korean hackers who used a similar version for the hack of Sony Pictures Entertainment in 2014 and the last year’s hack of Bangladesh Central Bank. Security experts are now cautiously linking the Lazarus Group to this latest attack.
Mehta has found similarities between code found within WannaCry and other tools believed to have been created by the Lazarus Group in the past, BBC reported.
Security expert Prof Alan Woodward said that time stamps within the original WannaCry code are set to UTC +9 — China’s time zone — and the text demanding the ransom uses what reads like machine-translated English, but a Chinese segment apparently written by a native speaker, the report said.
“As you can see it is pretty thin and all circumstantial. However, it is worth further investigation,” Woodward said.
“Neel Mehta’s discovery is the most significant clue to date regarding the origins of WannaCry,” said Russian security firm Kaspersky, but noted a lot more information is needed about earlier versions of WannaCry before a conclusion can be reached, it reported.