North Korea Was Behind the WannaCry Cyberattacks, Says the White House

In May, a ransomware attack known as WannaCry infected computers across the world, encrypting people’s files and charging owners hundreds of dollars to recover access to those files. Among the victims were the UK’s National Health Service, which locked doctors out of patients’ records.

In a piece published in the Wall Street Journal (paywall) yesterday, Thomas P. Bossert, assistant to the US president for homeland security and counterterrorism, officially laid blame for the WannaCry cyberattack on North Korea. He wrote that while North Korean cyberattacks have been going on “largely unchecked” for about a decade, such activity has grown “more egregious” and WannaCry was “indiscriminately reckless.”

“We do not make this allegation lightly. It is based on evidence. We are not alone with our findings, either. Other governments and private companies agree. The United Kingdom attributes the attack to North Korea, and Microsoft traced the attack to cyber affiliates of the North Korean government,” wrote Bossert. He implored private companies to build up their defenses against North Korea and other “bad actors” in cyberspace, and singled out Microsoft in particular for taking actions last week to “disrupt activities of North Korean hackers,” without elaborating on the details.

British security officials suspected that North Korea was behind the WannaCry attacks, linking them to a group called Lazarus that was also behind the 2014 cyberattacks on Sony Pictures, the BBC reported in June.

Other “bad actors” in cyberspace highlighted by Bossert include Iran and Russia. He noted that the Trump administration has banned the use of Kaspersky software from government systems over concerns that the software could abet Russian espionage, and that the government has also charged Iranian hackers who attacked US companies such as HBO. In November, the US also charged three Chinese nationals for hacking, Bossert added.

Since May, North Korean actors have launched cyberattacks on no fewer than three South Korean cryptocurrency exchanges with the suspected goal of stealing funds, one of which was successful, security firm FireEye said in a September report. The report also noted that cryptocurrency was becoming an increasingly major part of North Korea’s cyberattacks. Security experts widely believed that the WannaCry attacks were launched by North Korea in part because victims of the attacks were instructed to send their ransom money to bitcoin wallets. To counter tight economic sanctions imposed on Pyongyang by the international community, North Korea can, in theory, acquire bitcoin or other cryptocurrencies and then launder them on exchanges and get hard cash in return.

Bossert also lauded Trump’s efforts in fighting cyberattacks, for example by ordering “the most transparent and effective government effort in the world” to look for vulnerabilities in critical government software, which are then shared with developers to allow them to create patches—an effort that even the American Civil Liberties Union has commended, he added.