North Korea has rubbished Britain’s claim of the country being behind the destructive WannaCry ransomware attacks in May, stating that it is a ‘wicked attempt’ by Britain to corner it further.
Britain had recently named North Korea as the principal backer of WannaCry ransomware attacks in May which spread havoc across the world.
Back in May, when hospitals and other NHS institutions across the UK were grappling with a devastating ransomware attack, Neel Mehta, a security researcher at Google, claimed that the ransomware shared an identical code with Cantopee, a malware used by a group of hackers named Lazarus group (linked to North Korea) to attack systems around the globe.
Lazarus Group has often been accused of having links to North Korea, majorly because its choice of targets- South Korea and Japan, are two nations that North Korea views as its worst enemies. Aside from Mehta, other cyber researchers also spoke about North Korea being behind the spread of the ransomware.
Martijn Grooten, a security researcher at Virus Bulletin, told Ars Technica that the presence of a kill switch in WannaCry ransomware established that it originated in North Korea. A kill Switch a tool used by state-sponsored hackers to kill off malware when objectives are achieved or to prevent collateral damage, like killing off their own systems.
“Killswitches in malware are rare, and I can only think of government malware with those built in. Governments care about collateral damage far more than criminals do. And North Korea has recently been active as the Lazarus group,” he said.
While North Korea has been accused of conducting cyber-attacks on other nations since long, things came to a head when Home Office Minister Ben Wallace publicly stated that North Korea was behind the WannaCry attack in May that impacted several NHS trusts and other institutions.
‘This attack, we believe quite strongly that it came from a foreign state. North Korea was the state that we believe was involved this worldwide attack. It is widely believed in the community and across a number of countries that North Korea had taken this role,’ he told BBC Radio 4’s Today programme.
North Korea has not taken kindly to such a statement and has lashed out at Britain, terming the accusation as one of it’s ‘wicked attempts’ to corner the country further.
‘This is an act beyond the limit of our tolerance and it makes us question the real purpose behind the UK’s move,’ said a spokesman for the North Korea-Europe Association.
‘The moves of the UK government to doggedly associate the DPRK with the cyberattack cannot be interpreted in any other way than a wicked attempt to lure the international community into harboring greater mistrust of the DPRK,’ he added.
While it is not clear what North Korea would do considering that the limit of tolerance has been crossed, a number of experts believe North Korea may target British banks not only to recoup losses suffered as a result of international economic sanctions but also to retaliate against Britain’s support for the United States.
“As sanctions bite further and North Korea becomes more desperate for foreign currency, they will get more aggressive and continue to come after the finance sector. They’re after our money,” said Robert Hannigan, a former head of GCHQ, to The Times.
He warned that the country is now increasing its cyber-warfare activities and may soon become a “premier league” player in cyber-warfare. It is doing so by collaborating with cyber criminals who may not be based in North Korea but have the tools in place to conduct massive cyber warfare on Britain’s banks.
“Cyber is just a new and very productive way of doing it. It’s bound to grow — they have found new tools of doing it through social media, through the tech companies. We’re going to see more of the same and more sophisticated attacks. More of the disinformation, more stealing of money, more disruption of systems,” he added.