5 years after WannaCry: North Korea's cyber capabilities


Five years ago, the WannaCry ransomware attack, which experts attribute to North Korea, was launched. The effects were sometimes dramatic. Jens Monrad, Mandiant's Head of Threat Intelligence, EMEA, comments on how North Korea's cyber capabilities have developed over the past five years.

WannaCry is malware that encrypts important data on infected systems in order to extort money from victims. WannaCry exploited a zero-day vulnerability in the Windows operating system for this purpose, which was then fixed with a patch from Microsoft.

230,000 computers encrypted in 150 countries

“WannaCry was not only one of the most widespread and destructive ransomware attacks, but also a turning point for North Korean state-backed cyber operations. It demonstrated the capabilities and willingness of the isolated regime to harm other nations in pursuit of national interests. North Korea had little incentive to "play by the rules". This evolution continues five years later, with the regime using its cyber capabilities to support both political and national security priorities and financial goals.

Today, while the Lazarus Group is often used as an umbrella term for North Korean cyber actors, in reality there are several different groups operating as distinct cyber entities with different goals for the state. The country's espionage operations, for example, likely reflect the regime's immediate concerns and priorities. These are currently likely focused on raising financial resources through crypto heists, attacks on media, news and political entities, as well as foreign relations and nuclear intelligence.

North Korean Crypto Heists?

Jens Monrad, Head of Threat Intelligence, EMEA at Mandiant (Image: Mandiant).

At the same time, overlaps in the infrastructure, malware, and tactics, techniques, and procedures used by the North Korean groups suggest that there are shared resources for cyber operations and thus overall coordination. According to our intelligence, most of North Korea's cyber operations, including espionage, destructive operations and financial crimes, are primarily conducted by elements of the General Intelligence Office.

Half a decade after WannaCry, North Korean groups continue to pose a serious threat. We must continue to gather intelligence on their structures and capabilities to identify attack patterns that enable proactive defense.” For more information on North Korean hacking groups, see the Mandiant blog post "Not So Lazarus: Mapping DPRK Cyber Threat Groups to Government Organizations".

More at Mandiant.com

 


About Mandiant

Mandiant is a recognized leader in dynamic cyber defense, threat intelligence and incident response. With decades of experience on the cyber frontline, Mandiant helps organizations confidently and proactively defend against cyber threats and respond to attacks. Mandiant is now part of Google Cloud.


 
