A North Korean computer professor who defected from the isolated nation in 2004 has indicated the country’s spy agency could have been behind a recent spate of global cyber-attacks, including the WannaCry ransomware outbreak that affected hundreds of thousands of computers around the word earlier this month.
Speaking exclusively with the Reuters news agency, Kim Heung-kwang suggested WannaCry and a range of other cyberattacks may have been orchestrated by Unit 180, a shadowy cell of North Korea’s secretive Reconnaissance General Bureau.
Kim told Reuters: “Unit 180 is engaged in hacking financial institutions [by] breaching and withdrawing money out of bank accounts. The hackers go overseas to find somewhere with better internet services than North Korea so as not to leave a trace.”
Researchers have already linked North Korea with the WannaCry attack, after security firms Kaspersky Lab and Symantec both discovered code in an early version of the ransomware that had previously been seen in programs used by the Lazarus Group, which has been identified as a hacking operation run from North Korea.
The Lazarus group made global headlines in 2014 when it was linked to the notorious hacking of Sony’s servers.
North Korea last week testily rubbished reports linking it to the WannaCry virus.
“It is ridiculous,” said Kim In-Ryong, North Korea’s deputy ambassador to the United Nations.
Separately, Kaspersky Lab has revealed that the majority of the computers affected by WannaCry were running Windows 7.
It had been widely reported that the ransomware virus exploited weaknesses in Windows XP, an older version of Microsoft’s operating system the software giant no longer provides security updates for.
Kaspersky estimates that 97% of WannaCry infections hit Windows 7 machines, and that the number of XP devices affected was “insignificant”.
Microsoft issued a patch that would have protected Windows 7 computers from the virus back in March, suggesting those devices that were hit by the ransomware had not been updated.
Kaspersky’s data showed that 60.35% of devices infected by WannaCry were running Windows 7 x64 edition, followed by 31.72% on Windows 7, 3.67% on Windows 7 Home x64 Edition and 2.61% on Windows 7 Home.
While Kaspersky’s findings are based solely on analysis of computers running the Russian firm’s own software, the company’s data suggests early assumptions that Windows XP was responsible for the spread of the malware were wildly wide of the mark.
It was reported last Thursday that the group behind the virus was attempting to cajole victims into handing over a ransom in exchange for access to their locked files.
Owners of infected devices reported receiving a pop-up message that read: “I have already sent decryption keys to many customers who had sent me the correct amounts of bitcoin, and I guarantee the decryptions for such honest customers.
“Send me a message with your unique bitcoin wallet address an hour before your payment. Then you will receive the decryption key more quickly.”