Tag: cyberattack

Via a reader link comes speculation that the recent massive global cyberattack may have been a North Korean operation:

The WannaCry ransomware that attacked computers in 150 countries has lines of code that are identical to work by hackers known as the Lazarus Group, according to security experts. The Lazarus hackers have been linked to North Korea, raising suspicions that the nation could be responsible for the attack.

The connection was made by Google security researcher Neel Mehta, who pointed out similarities between WannaCry and malware used by Lazarus, the group that’s been blamed for the Sony Pictures hack of 2014 and for stealing millions of dollars from a Bangladeshi bank in 2016.

After Mehta highlighted the elements in the code, other researchers confirmed similarities that early versions of WannaCry (also called WannaCrypt, Wana Decryptor or WCry) shared with malware tools used by Lazarus.  [NPR]

You can read more at the link, but I can easily see this cyberattack as something the Kim regime would do.  With that said when I read about the cyberattack the first thing I thought was I was glad I use an Apple computer.  😉

.@SteveKroft reports on North Korea's cyberattack on @SonyPictures, tonight on #60Minutes http://t.co/pLOolANFyd pic.twitter.com/cqd5XsPp9O

— 60 Minutes (@60Minutes) September 6, 2015

NSA chief says Sony attack traced to North Korea http://t.co/OPUbo9JjLe via @thomsonreuters

— NK NEWS (@nknewsorg) February 21, 2015

Via One Free Korea comes this NY Times article that discusses how the Obama administration was able to pin down North Korea as the source of the cyber attack against Sony Pictures:

The trail that led American officials to blame North Korea for the destructive cyberattack on Sony Pictures Entertainment in November winds back to 2010, when the National Security Agency scrambled to break into the computer systems of a country considered one of the most impenetrable targets on earth.

Spurred by growing concern about North Korea’s maturing capabilities, the American spy agency drilled into the Chinese networks that connect North Korea to the outside world, picked through connections in Malaysia favored by North Korean hackers and penetrated directly into the North with the help of South Korea and other American allies, according to former United States and foreign officials, computer experts later briefed on the operations and a newly disclosed N.S.A. document.

A classified security agency program expanded into an ambitious effort, officials said, to place malware that could track the internal workings of many of the computers and networks used by the North’s hackers, a force that South Korea’s military recently said numbers roughly 6,000 people. Most are commanded by the country’s main intelligence service, called the Reconnaissance General Bureau, and Bureau 121, its secretive hacking unit, with a large outpost in China.

The evidence gathered by the “early warning radar” of software painstakingly hidden to monitor North Korea’s activities proved critical in persuading President Obama to accuse the government of Kim Jong-un of ordering the Sony attack, according to the officials and experts, who spoke on the condition of anonymity about the classified N.S.A. operation.  [New York Times]

You can read more at the link, plus I recommend reading One Free Korea’s take on this issue as well.

This supposed cyberattack on North Korea’s Internet is probably more for US domestic political consumption to show that the US is “doing something” than punishing North Korea for the Sony hack:

 

Key North Korean websites were back online Tuesday after a nearly 10-hour shutdown that followed a U.S. vow to respond to a crippling cyberattack on Sony Pictures that Washington blames on Pyongyang.

It wasn’t immediately clear what caused the Internet stoppage in one of the least-wired and poorest countries in the world, but outside experts said it could be anything from a cyberattack to a simple power failure. The White House and the State Department declined to say whether the U.S. government was responsible.  [AP]

Even if a cyberattack had caused the shutdown, analysts said, it would largely be symbolic since only a tiny number of North Koreans are allowed on the Internet — a fraction of Pyongyang’s staunchly loyal elite, as well as foreigners.

You can read the rest at the link, but the few websites they have like the Korean Central News Agency was shut down for just 9.5 hours, big deal. Hopefully some different response actions will be explored as well.

The Kim regime must be feeling pretty of themselves right now after there successful Sony hack because they continue to gloat and make threats:

While steadfastly denying involvement in the hack, North Korea accused U.S. President Barack Obama of calling for “symmetric counteraction.”

“The DPRK has already launched the toughest counteraction. Nothing is more serious miscalculation than guessing that just a single movie production company is the target of this counteraction. Our target is all the citadels of the U.S. imperialists who earned the bitterest grudge of all Koreans,” a report on state-run KCNA read.

“Our toughest counteraction will be boldly taken against the White House, the Pentagon and the whole U.S. mainland, the cesspool of terrorism,” the report said, adding that “fighters for justice” including the “Guardians of Peace” — a group that claimed responsibility for the Sony attack — “are sharpening bayonets not only in the U.S. mainland but in all other parts of the world.” (CNN)

You can read more at the link.

North Korea looks like they want to take a page out of the playbook they used for the sinking of the Cheonan where everyone knew they did it, but by continuing to deny it it allows their allies like Russia and China to help cover for them to prevent any real consequences for the attack:

North Korea said U.S. accusations that it was involved in a cyberattack on Sony Pictures were “groundless slander” and that it was wanted a joint investigation into the incident with the United States.

An unnamed spokesman of the North’s foreign ministry said there would be “grave consequences” if Washington refused to agree to the joint probe and continued to accuse Pyongyang, the official KCNA news agency reported on Saturday.

On Friday, President Barack Obama blamed North Korea for the devastating cyberattack, which led to the Hollywood studio cancelling “The Interview”, a comedy on the fictional assassination of North Korean leader Kim Jong Un.

In its first substantive response to the accusation, the isolated North Korea said it could prove it had nothing to do with the massive hacking attack.

“We propose to conduct a joint investigation with the U.S. in response to groundless slander being perpetrated by the U.S. by mobilizing public opinion,” the North Korean spokesman said.

“If the U.S. refuses to accept our proposal for a joint investigation and continues to talk about some kind of response by dragging us into the case, it must remember there will be grave consequences,” the spokesman said.  [Reuters]

You can read more at the link, but North Korea is back making threats against the US again.  It will be interesting to see what the US response will be, but I do not see this as an act of war as some people are claiming.  Why should poor network security by a company be a reason to draw the US into a war?  This is a crime not an act of war.  Pushing for further members of the Kim regime to be tried at the International Criminal Court would be one way to respond.  It is highly symbolic, but it would be highly embarrassing for the Kim regime just like the past referral of North Korea for human rights violations was.  Putting North Korea back on the State Sponsors of Terrorism List, a list they never should have been taken off of in the first place, would be another way to respond.  Finally as One Free Korea points out taking financial action against the regime could be the most effective way to really get the attention of the Kim regime to act as a deterrent against such a cyberattack in the future.

(LEAD) U.S. formally accuses N. Korea of involvement in Sony hack http://t.co/sLktpv8L8s

— Yonhap News Agency (@YonhapNews) December 19, 2014

Reports are stating that Sony has linked North Korea to the cyberattack against their company:

A Sony Pictures internal investigation has identified North Korea as the source of a devastating computer attack, and the studio is deliberating whether to announce the findings publicly, according to a person familiar with the discussions.

The company’s investigation has linked the hackers that stole a major holiday film release and unleashed a destructive computer worm to a North Korean group known as DarkSeoul, which was responsible for similar attacks on South Korean banks and television studios last year, a second person familiar with the investigation said.  [Stars & Stripes]

I don’t think there is much Sony can do about this other than they need to improve their network security from these attacks.  If North Korea was able to do this imagine what the Russians or Chinese could do with their advanced hacking operations? Companies need to make network security a top priority.