But it’s possible the code was simply copied from the Lazarus malware without any other direct connection.
If North Korea, believed to be training cyber warriors at schools, is indeed responsible for the latest attack, Choi said the world should stop underestimating its capabilities and work together to think of a new way to respond to cyber threats, such as having China pull the plug on North Korea’s internet.
“We have underestimated North Korea so far that since North Korea is poor, it wouldn’t have any technologies. But North Korea has been preparing cyber skills for more than 10 years and its skill is significant. We should never underestimate it,” Choi said.
___
FOLLOW THE MONEY
Researchers might find some additional clues in the bitcoin accounts accepting the ransom payments. There have been three accounts identified so far, and there’s no indication yet that the criminals have touched the funds.
Although bitcoin is anonymized, researchers can watch it flow from user to user. So investigators can follow the transactions until an anonymous account matches with a real person, said Steve Grobman, chief technology officer with the California security company McAfee.
