WannaCry Attribution Gets Murkier

Earlier this week, I wrote about some analysis conducted by Symantec that suggested WannaCry was likely linked to threat actors from North Korea. But there's further evidence now that has people wondering what is really going on.

The Institute for Critical Infrastructure Technology (ICIT) posted an article suggesting Symantec's analysis was premature. Their words were quite strong.

...firms motivated by private agendas are dangerously attempting to shift public dialogue back to speculation of attribution despite a clear and present necessity for pervasive, transparent, and inclusive dialogue addressing the underlying weaknesses in cybersecurity culture and critical infrastructure systems that enabled the May 12, 2017 WannaCry attack to succeed in the first place.

And today, a linguistic analysis released by Flashpoint that examined 28 WannaCry ransom notes written in various language including simplified and traditional Chinese, Danish, Dutch, English, French, German, Indonesian, Italian, Japanese, Korean, Norwegian, Portuguese, Romanian, Russian, Spanish, Swedish and Turkish found that the authors of WannaCry are fluent Chinese speakers and they also appear to know English.

I think, the bottom line here is that it we really aren't clear who pushed the WannaCry snowball down the hill first, and that it's possible multiple threat actors were involved.


Comments

    Really, the use of language isn't going to show much. If I was an American hacker wanting to false flag NK I would use some words like :

    "But you have not so enough time"

    To throw people off the scent.

      It's a little more complex than that. It's similar to how some crooks try writing ransom notes with their left hand, thinking they'll trick handwriting analysis experts, but they still don't.

Join the discussion!

Trending Stories Right Now