To be absolutely clear, this is not a claim that North Korea was behind Friday's ransomware wave, and the code similarities are not in the malware from last week's attacks. Instead, at the moment, this is just a decent lead in the investigation into the attack's origins.

The first one to point out the similarities in the code between a February 2017 WannaCry sample and the Lazarus Group backdoor from 2015 was Neel Mehta, a threat intelligence researcher at Google. In particular, Mehta highlighted the "crypter," the ransomware bit that locks the files. Kaspersky Lab then analyzed the code and confirmed the similarities on Monday.