Trail of global cyberattack could lead to North Korea

Researchers pointed to a piece of code suggesting North Korean involvement.

Cyber security researchers tracking the global cyberattack tonight say the trail could lead back to North Korea.

Analysts from Google and at least three major cybersecurity firms have pointed to a piece of code that appeared in both an earlier version of the WannaCry virus and the 2016 attack on international banks attributed to the North Korea-linked hackers Lazarus Group.

“There is a link,” said John Bambenek of Fidelis Cybersecurity. “We are really drilling down on what it means but there is part of the code that is shared between WannaCry and a known DPRK hacking tool.”

It could be someone else using the code, researchers say, and there’s still no official attribution, but according to Bambenek, it’s “a solid lead” in the investigation.

Kalember warned, however, that the threat is still serious.

“It remains critical that all organizations immediately ensure they have the most updated patches deployed and backups ready to restore in the event of a ransomware attack,” Kalember said.

Even so, the tally of targets — now more than 300,000 in 150 countries — continued to rise, with factories, offices, railroads, power stations around the world and FedEx in the U.S. all hit.

“Horrible, cried a lot,” Jess Laughton, a patient who had her surgery cancelled, told ABC News. “Didn’t really know what to say, that was the last thing we expected him to come in and say, was that there had been a cyberattack and everything had been cancelled.”

“It appears less than $70,000 has been paid in ransom and we are not aware of any payments that have led to any data recovery,” Bossert said.

“They didn’t tell Microsoft about the vulnerability, they tried to use it instead, and two, they allowed this attack tool to be stolen, right out from under their noses,” Clarke said.