SAN FRANCISCO — Intelligence officials and private security experts say that new digital clues point to North Korean-linked hackers as likely suspects in the sweeping ransomware attacks that have crippled computer systems around the world.
The indicators are far from conclusive, the researchers warned, and it could be weeks, if not months, before investigators are confident enough in their findings to officially point the finger at Pyongyang’s increasingly bold corps of digital hackers. The attackers based their weapon on vulnerabilities that were stolen from the National Security Agency and published last month.
Security experts at Symantec, which in the past has accurately identified attacks mounted by the United States, Israel and North Korea, found early versions of the ransomware, called WannaCry, that used tools that were also deployed against Sony Pictures Entertainment, the Bangladesh central bank last year and Polish banks in February. American officials said Monday that they had seen the same similarities.
All of those attacks were ultimately linked to North Korea; President Barack Obama formally charged the North in late 2014 with destroying computers at Sony in retaliation for a comedy, “The Interview,” that envisioned a C.I.A. plot to kill Kim Jong-un, the country’s leader…
…The N.S.A.’s wormlike tool was leaked online by the Shadow Brokers last month.
“What happened with the Shadow Brokers in this case is equivalent to a nuclear bomb in cyberspace,” said Zohar Pinhasi, a former cybersecurity intelligence officer for the Israeli military, now the chief executive of MonsterCloud, which helps mitigate ransomware attacks. “This is what happens when you give a tiny little criminal a weapon of mass destruction. This will only go bigger. It’s only the tip of the iceberg.”
To read the full article, click HERE.