North Korea hackers behind WannaCry cyber attack: Britain security

The National Cyber Security Centre believes that a hacking group known as Lazarus launched the attack.

Published: 16th June 2017 06:07 PM  |   Last Updated: 16th June 2017 06:07 PM   |  A+A-

WannaCry ransomware


LONDON: Hackers from North Korea were behind the ransomware cyber-attacks that paralysed Britain’s National Health Service (NHS) and wreaked havoc with computer networks worldwide last month, according to Britain's security services.     

Britain's National Cyber Security Centre (NCSC) is leading the international investigation and security sources told the BBC that the NCSC believes that a hacking group known as Lazarus launched the attack. The same group is believed to have targeted Sony Pictures in 2014 during the release of the film 'The Interview', a satire about the North Korean leadership. The same group is also thought to have been behind the theft of money from banks in the past.     

In May, a ransomware called WannaCry locked computers across the world and demanded a payment for them to be unlocked. The NHS in the UK was particularly badly hit. The NCSC began an investigation and concluded their assessment in recent weeks. The ransomware did not target Britain or the NHS specifically, and may well have been a money-making scheme that got out of control, particularly since the hackers do not appear to have retrieved any of the ransom money as yet, the BBC report claims.   

Although the group is based in North Korea, the exact role of the leadership in Pyongyang in ordering the attack is less clear. Private sector cyber security researchers reverse engineered the code to try and identify the source but the assessment by the NCSC, part of the UK intelligence agency GCHQ, is likely to have been made based on a wider set of sources.       

America's National Security Agency (NSA) has also more recently made the link to North Korea but its assessment is not thought to have been based on as deep as an investigation as the UK, partly because the US was not hit as hard by the incident.       

Officials say they have not seen any significant evidence supporting other possible culprits.       

North Korean hackers have been linked to money-making attacks in the past - such as the theft of USD 81 million from the central bank of Bangladesh in 2016. This sophisticated attack involved making transfers through the Swift payment system which, in some cases, were then laundered through casinos in the Philippines.       

The Lazarus group has also been linked to the use of ransomware - including against a South Korean supermarket chain.     The May 2017 attack was indiscriminate rather than targeted. Its spread was global and may have only been slowed thanks to the work of a British researcher who was able to find a "kill switch" to slow it down.

Stay up to date on all the latest World news with The New Indian Express App. Download now


Disclaimer : We respect your thoughts and views! But we need to be judicious while moderating your comments. All the comments will be moderated by the editorial. Abstain from posting comments that are obscene, defamatory or inflammatory, and do not indulge in personal attacks. Try to avoid outside hyperlinks inside the comment. Help us delete comments that do not follow these guidelines.

The views expressed in comments published on are those of the comment writers alone. They do not represent the views or opinions of or its staff, nor do they represent the views or opinions of The New Indian Express Group, or any entity of, or affiliated with, The New Indian Express Group. reserves the right to take any or all comments down at any time.

flipboard facebook twitter whatsapp