The United States publicly accused on Monday North Korea of being behind the WannaCry ransomware attack that infected hundreds of thousands of computers around the globe in May.
“The attack was widespread and cost billions, and North Korea is directly responsible,” Tom Bossert, homeland security adviser to President Donald Trump, wrote in a piece published on Monday night in the Wall Street Journal.
“North Korea has acted especially badly, largely unchecked, for more than a decade, and its malicious behavior is growing more egregious,” Bossert wrote. “WannaCry was indiscriminately reckless.”
Bossert said the administration's finding of responsibility is based on evidence and confirmed by other governments and private companies, including the United Kingdom and Microsoft.
The US government has assessed with a “very high level of confidence” that a hacking entity known as Lazarus Group, which works on behalf of the North Korean government, carried out the WannaCry attack, said the official, who spoke on condition of anonymity to discuss details of the government’s investigation.
Bossert said the Trump administration will continue to use its "maximum pressure strategy to curb Pyongyang's ability to mount attacks, cyber or otherwise."
Lazarus Group is widely believed by security researchers and US officials to have been responsible for the 2014 hack of Sony Pictures Entertainment that destroyed files, leaked corporate communications online and led to the departure of several top studio executives.
North Korean government representatives could not be immediately reached for comment. The country has repeatedly denied responsibility for WannaCry and called other allegations about cyber attacks a smear campaign.
The WannaCry attack struck more than 150 nations in May, locking up digital documents, databases and other files and demanding a ransom for their release.
It battered Britain's National Health Service, where the cyberattack froze computers at hospitals across the country, closing emergency rooms and bringing medical treatment to a halt. Government offices in Russia, Spain, and several other countries were disrupted, as were Asian universities, Germany's national railway and global companies such as automakers Nissan and Renault.
The WannaCry ransomware exploited a vulnerability in mostly older versions of Microsoft's Windows operating system. Affected computers had generally not been patched with security fixes that would have blocked the attack. Security experts, however, traced the exploitation of that weakness back to the US National Security Agency; it was part of a cache of stolen NSA cyberweapons publicly released by a group of hackers known as the Shadow Brokers.
Washington’s public condemnation does not include any indictments or name specific individuals, the administration official said, adding the shaming was designed to hold Pyongyang accountable for its actions and “erode and undercut their ability to launch attacks.”
The accusation comes as worries mount about North Korea’s hacking capabilities and its nuclear weapons program.
Some researchers have said they believed WannaCry was deployed accidentally by North Korea as hackers were developing the code. The senior administration official declined to comment about whether US intelligence was able to discern if the attack was deliberate.
“What we see is a continued pattern of North Korea misbehaving, whether destructive cyber attacks, hacking for financial gain, or targeting infrastructure around the globe,” the official said.
South Korea also last year accused North Korea of hacking the personal data of more than 10 million users of an online shopping site and dozens of email accounts used by government officials and journalists.
The United States in 2014 formally accused North Korea of hacking Sony Pictures Entertainment over the movie "The Interview," a satirical film about a plot to assassinate North Korea's leader.
South Korea said in 2015 that North Korea had a 6,000-member cyberarmy dedicated to disrupting the South's government and military. The figure was a sharp increase from a 2013 South Korean estimate of 3,000 such specialists.
Baik Tae-hyun, spokesman for South Korea's Unification Ministry, which deals with matters related to North Korea, said Monday that the Seoul government was examining whether the North was behind hacking attacks on a cryptocurrency exchange in June. About $7 million in digital money was stolen in the hacks, South Korean officials said.
There's speculation in the South that North Korean hackers are possibly targeting cryptocurrency like bitcoin to evade the heavy financial sanctions imposed over the country's nuclear weapons and missiles program.
"We are monitoring the bitcoin-related issue. We believe that North Korea is currently engaging in various activities to evade sanctions and earn foreign currency," Baik said.
