Rather, analysts at the European Union cybersecurity agency say the hackers likely scanned the internet for systems that were vulnerable to infection and exploited those computers remotely.
The worm then is likely to have spread through a channel that links computers running Microsoft Windows in a network. The channel is typically used to share files within a network or to link to a printer, for example.
___
THE NORTH KOREA LINK
This method has been found in previously known North Korean cyberattacks, including the Sony hack in 2014 blamed on North Korea.
“Since a July 2009 cyberattack by North Korea, they used the same method,” Choi said. “It’s not unique in North Korea but it’s also not a very common method.”
Choi also cited an accidental communication he had last year with a hacker traced to a North Korean internet address who admitted development of ransomware.
The Russian security firm Kaspersky Lab has said portions of the WannaCry program use the same code as malware previously distributed by the Lazarus Group, a hacker collective behind the 2014 Sony hack. Another security company, Symantec, has also found similarities between WannaCry and Lazarus tools.
