Researchers eye possible North Korea link to cyberattacks

Washington : Security researchers reported Monday signs of a potential North Korean link to global cyberattacks that have wreaked havoc on computer networks.

In the first clues of the origin of the massive ransomware attacks, Google researcher Neel Mehta posted computer code that showed similarities between the "WannaCry" malware and a vast hacking effort widely attributed to Pyongyang.

Other experts quickly jumped on this as sign -- although not conclusive -- that North Korea may have been behind the outbreak.

Researchers at Russia-based security firm Kaspersky said this was an important clue.

"For now, more research is required into older versions of Wannacry," Kaspersky researchers said.

"We believe this might hold the key to solve some of the mysteries around this attack. One thing is for sure -- Neel Mehta's discovery is the most significant clue to date regarding the origins of Wannacry."

According to Kaspersky, the similarities in code point to a hacker group given the code-name Lazarus, believed to be behind the 2014 hack of Sony Pictures and also suspected in hacks against the central bank of Bangladesh and others in the global financial system.

"The scale of the Lazarus operations is shocking," Kaspersky researchers said.

"The group has been very active since 2011... Lazarus is operating a malware factory that produces new samples via multiple independent conveyors."

Israeli-based security firm Intezer Labs said it agreed with the North Korea attribution.

The group's chief executive Itai Tevet said in a tweet: "@IntezerLabs confirms attribution to North Korea for #WannaCry, not only because of the function from Lazarus. More info to come."