US officials say a North Korean group was behind WannaCry, and some big tech names have taken steps to stop it.
Following a piece by White House homeland security adviser Thomas Bossert, published on 18 December, detailing North Korea’s involvement in the unprecedented WannaCry cyberattack this past summer, a Facebook spokesperson has confirmed that the company had been involved in mitigating the threat.
The spokesperson confirmed yesterday (19 December) that Facebook had deleted accounts associated with the so-called Lazarus Group, which is alleged to have been behind the ransomware tsunami.
Accounts linked to Lazarus removed by Facebook
The spokesperson said accounts linked to Lazarus were removed to “make it harder for them to conduct their activities”.
According to Reuters, the accounts were mostly fake personal profiles that were used to build relationships with people of interest.
Lazarus is also said to be behind the Sony Pictures hack of 2014, which saw numerous executives depart the company as confidential information flooded the web.
During a White House news conference held yesterday, Bossert said: “Facebook took down accounts that stopped the operational execution of ongoing cyberattacks, and Microsoft acted to patch existing attacks, not just the WannaCry attack initially.”
Microsoft president Brad Smith said the company had disrupted malware that the Lazarus Group relied heavily on, “disabled accounts being used to pursue cyberattacks” and cleaned computers of affected users.
Bossert said there was limited scope in terms of resolving the situation: “We don’t have a lot of room left here to apply pressure to change their behaviour.
“It’s nevertheless important to call them out, to let them know that it’s them and we know it’s them.”
The UK National Cyber Security Centre (NCSC) said: “Our assessment has been that North Korean actors known as the Lazarus Group were very likely responsible for the WannaCry attack back in May this year.”
The NCSC had come to this conclusion following a June investigation.
North Korea circumventing sanctions
The UK foreign office minister for cyber, Tariq Ahmad, said: “We condemn these actions and commit ourselves to working with all responsible states to combat destructive criminal use of cyberspace.
“The indiscriminate use of the WannaCry ransomware demonstrates North Korean actors using their cyber programme to circumvent sanctions.”