Last week, a researcher at Google identified identical code found in a WCry sample from February and an early 2015 version of Contopee, a malicious backdoor used by the hacking team Lazarus Group. The group has been operating since at least 2011. Additional fingerprints linked Lazarus Group to hacks that wiped almost a terabyte's worth of data from Sony Pictures and siphoned a reported $81 million from the Bangladesh Central Bank last year. Researchers say Lazarus Group carries out hacks on behalf of North Korea.

On Monday, researchers from security firm Symantec presented additional evidence that further builds the case that WCry, which is also known as WannaCry, is closely linked to Lazarus Group. The new evidence includes:

- The discovery of three pieces of malware previously linked to Lazarus Group that were left on a network hit in the first known infection of WCry in February. The malware included Trojan.Volgmer and two variants of Backdoor.Destover, the disk-wiping tool used in the Sony Pictures attacks.
- Trojan.Alphanc, which was used to spread WCry in attacks that took place in March and April, is a modified version of Backdoor.Duuzer, which has previously been linked to Lazarus.
- Bravonc, another trojan used to install WCry onto computers in earlier attacks, used the same IP addresses for command and control as Duuzer and Destover.
- Bravonc uses code obfuscation similar to that of WCry and Infostealer.Fakepude, another piece of malware linked to Lazarus Group.
- Newly discovered similarities between Contopee and the WCry ransomware itself.

The similarities in tools, techniques, and infrastructure, Symantec researchers said, make it "highly likely that Lazarus was behind the spread of WannaCry." In a blog post, they wrote:

"The earlier versions of WannaCry and the one used in the May 12 attacks are largely the same, with some minor changes, chiefly the incorporation of the EternalBlue exploit. The passwords used to encrypt the Zip files embedded in the WannaCry dropper are similar across both versions, indicating that the author of both versions is likely the same group."