The Trump Administration is set to formally name North Korea as the power behind the WannaCry cyberattack that affected hundreds of thousands of computers in 150 countries over the summer.
The ransomware attack exploited a vulnerability in Windows XP and crippled computers in the UK’s National Health Service and Renault manufacturing facilities in France, among others, reports The Verge.
Thomas Bossert, a Homeland Security adviser to President Donald Trump, laid out the Administration’s case against North Korea in an op-ed in the Wall Street Journal. In retaliation for the cyberattack, President Donald Trump plans to summon “all responsible states” to unite against North Korea and push for new United Nations Security Council sanctions, according to The Hill.
The vulnerability was first discovered by the National Security Agency (NSA), which wrote WannaCrypt, the ransomware used in the attack.
That ransomware — a program that holds a computer’s contents hostage until the user pays to have it released — used a so-called “zero-day” exploit in Windows XP. Zero-day exploits are critical security vulnerabilities that are essentially cyberweapons; they are so valuable that intelligence services normally hoard them instead of telling companies the vulnerabilities exist.
In recent years, the objective of North Korean cyber crime has shifted from intelligence gathering and stealing strategic information to stealing funds from foreign financial institutions, reports Reuters, reflecting a new reality for the dictatorship as it fights to get out from under a smothering blanket of sanctions.
A hacking group called Lazarus — said to be behind an $81 million hit on the Central Bank of Bangladesh and a 2014 attack on Sony Hollywood studios — is suspected to be a North Korean-backed group. A spinoff group, Andariel, targets South Korean financial institutions specifically.