North Korea Behind Recent Global Cyber Attack That Devastated 50 Countries
Hermit nation responsible for ransomware cyber attacks
Experts have claimed that recent North Korea hackers are most likely responsible for the 'ransomware' global cyber attacks that shut down hospitals, governments, and businesses across 50 countries.
They highlighted to "Unit 180" which is a special cell in the hermit kingdoms spy agency, adding it may have been behind the series of an online raid across firms in the US, South Korea, and the world.
The independent reports: However technical evidence is said to link the dictatorship's spies to Lazarus Group, the cybergang allegedly behind last year's $81m (£62m) heist of the Bangladesh Central Bank and a 2014 hack of Sony's Hollywood studios.
Security firms claimed that code used in those two attacks had similarities to sequences used in the WannaCry ransomware that created havoc inside the NHS's computer systems on 12 May.
Experts said that Kim Jong-un's regime may be using cyber attacks to raise money.
Kim Heung-kwang, a computer science professor who defected from North Korea in 2004, claimed his former students had joined the country's Strategic Cyber Command.
He told Reuters: "Unit 180 is engaged in hacking financial institutions (by) breaching and withdrawing money out of bank accounts.
"The hackers go overseas to find somewhere with better internet services than North Korea so as not to leave a trace."
Mr Kim said government hackers were likely to pose as traders and businessmen when they travelled abroad.
North Korea expert James Lewis, of the Washington-based Centre for Strategic and International Studies, said the Communist state first used hacking to spy on its enemies and harass political targets overseas.
"They changed after Sony by using hacking to support criminal activities to generate hard currency for the regime," he said.
"So far, it's worked as well or better as drugs, counterfeiting, smuggling – all their usual tricks."
No criminal charges have been brought over the ransomware attacks, and there is no conclusive proof linking them to North Korea.
Simon Choi, a director at anti-virus software company Hauri Inc, said that the regime had been mining Bitcoin, the currency used in the ransomware hack, using malicious computer programs since 2013.
Last year, he accidentally spoke to a hacker traced to a Pyongyang internet address about development of ransomware and alerted South Korean authorities.
The security company Kaspersky Lab said portions of the "WannaCry" ransomware use the same code as malware previously distributed by Lazarus, a group behind the 2014 Sony hack blamed on North Korea.
But it is possible the code was simply copied from the Lazarus malware without any other direct connection.
Another security company, Symantec, has also found similarities between WannaCry and Lazarus's tools, but said "they so far only represent weak connections. We are continuing to investigate for stronger connections."