Lazarus Attack Originated in N. Korea

Lazarus Attack Originated in N. Korea

The recent cyber-attack that seriously damaged parts of the NHS along with other organisations around the world originated in North Korea, it has emerged. An international investigation led by the National Cyber Security Centre believes that the attack was carried out by known hacking group Lazarus and warned that there could be more such attacks to come.

It is not the first time that Lazarus has hit the headlines; the group targeted Sony Pictures in 2014 and is also responsible for the theft of money from various banks. The most recent attack involved ransomware called WannaCry and swept across the world locking computers before demanding payment for unlocking. The NHS was one of the worst-hit organisations and the assessment following the attack will continue for several weeks.

Researchers into cyber-security are still trying to pick apart the malicious code in an effort to understand exactly where it came from. Adrian Nish is the leader of the cyber threat intelligence team at BAE Systems and was the first to notice overlaps with previous code developed by Lazarus; he described these overlaps as ‘significant’.

Hackers based in North Korea have been linked to several other moneymaking attacks, including the theft of over $80m from Bangladesh’s Central Bank. This attack involved transfers of large sums using the Swift payment system, cash that was later laundered through casinos based in the Philippines. Nish said that the attack was “one of the biggest bank heists of all time in physical space or in cyberspace”.

The recent attack that crippled the NHS was not targeted specifically; its indiscriminate nature meant that the spread was global. A British researcher was able to find a ‘killswitch’ that slowed the attack down and there have been no bitcoin withdrawals as yet.

Internet security becomes an ever-more pressing issue as the web continues to expand. It is essential that every precaution is taken and you and your customers are protected. We provide a full array of security features for all of our clients: to find out more, get in touch with us TODAY.

Posted in Blog on