Security Experts:

Connect with us

Hi, what are you looking for?



Australia, Canada, Others Blame North Korea for WannaCry Attack

The United States is not the only country to officially accuse North Korea this week of being behind the WannaCry ransomware campaign. Canada, Japan, Australia and New Zealand have also blamed Pyongyang for the attack.

The United States is not the only country to officially accuse North Korea this week of being behind the WannaCry ransomware campaign. Canada, Japan, Australia and New Zealand have also blamed Pyongyang for the attack.

The U.K. accused North Korea in late October, and the other Five Eyes countries and Japan have now done the same.

“We are aware of the statements made by our allies and partners concerning the role of actors in North Korea in the development of the malware known as WannaCry,” said Greta Bossenmaier, chief of Canada’s Communications Security Establishment (CSE). “This assessment is consistent with our analysis.”

Australia said its own intelligence agencies reached the same conclusion after consultations with allies. New Zealand attributed the WannaCry attack to North Korean threat actors based on “cyber threat analysis from a range of sources, including the United States and the United Kingdom.”

The WannaCry ransomware was unleashed in May and it infected roughly 300,000 computers across 150 countries. The malware spread using exploits developed by the Equation Group, an actor linked to the U.S. National Security Agency (NSA).

North Korea in October denied the accusations, claiming that they were a “wicked attempt” to further tighten international sanctions. Furthermore, not everyone believes North Korea is responsible. Endpoint security firm Cybereason said in May that the attack did not fit Pyongyang’s style and interests, and the company stands by its initial assessment.

Nevertheless, the United States is convinced that the WannaCry attack is the work of North Korea, which is believed to be responsible for several recent profit-driven campaigns. “We do not make this allegation lightly,” said White House homeland security advisor Tom Bossert. “We do so with evidence, and we do so with partners.”

One of those partners is Microsoft, which concluded that the North Korea-linked threat actor known as Lazarus – the company tracks it as ZINC – was responsible for the ransomware attack.

“Among other steps, last week we helped disrupt the malware this group relies on, cleaned customers’ infected computers, disabled accounts being used to pursue cyberattacks and strengthened Windows defenses to prevent reinfection. We took this action after consultation with several governments, but made the decision independently,” said Brad Smith, president and chief legal officer at Microsoft.

“We are pleased to see these governments making this strong statement of attribution. If the rising tide of nation-state attacks on civilians is to be stopped, governments must be prepared to call out the countries that launch them,” Smith said.

Facebook also had a role in disrupting the activities of the Lazarus group, but pointed out that its actions were not focused on the WannaCry malware itself.

“In this case, we deleted accounts operated by this group to make it harder for them to conduct their activities. Similar to other threat groups, they largely used personal profiles and pretended to be other people in order to do things like learning about others and building relationships with potential targets,” the social media giant stated.

“We also notified people who may have been in contact with these accounts and gave suggestions to enhance their account security, as we have done in the past about other threat groups,” it added.

Related: North Korea’s New Front – Cyberheists

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...