19 May, 2017
Cantopee was created by the hacking team known as the Lazarus Group, perhaps most famously known for the security breach launched against Sony Pictures in 2014.
Lazarus is believed to operate from China, for North Korea.
Symantec, Intezer Labs of Israel and Russia's Kaspersky Lab on Monday agreed that a considerable part of the "WannaCry" ransomware is identical to a hacking program used by the Lazarus group, which has ties to North Korea. They might be hiding out in countries that wouldn't be willing to extradite suspects for prosecution, said Robert Cattanach, a former U.S. Justice Department attorney and an expert on cybersecurity.
Forensics, though, will only get investigators so far.
"It is similar to North Korea's backdoor malicious codes", said Simon Choi, a senior researcher with Hauri who has done extensive research into North Korea's hacking capabilities and advises South Korean police and National Intelligence Service.
The paper introduced cases in detail, including the attack on the interior ministry, banks and public agencies in the Russian Federation; on information networks, banks and energy-related companies in Spain and Portugal; and on auto factories in France, Slovenia and Romania.
"In time, more evidence appeared and allowed us, and others, to link them together with high confidence".
The Chinese foreign ministry said at a regular media briefing on Tuesday that it will completely implement existing United Nations sanction measures against the North, but declined to comment further.
Attributing cyber-attacks can be notoriously hard - often relying on consensus rather than confirmation.
Mehta, a University of British Columbia graduate who earlier worked with IBM Internet Security Systems, posted "codes" on Twitter, potentially pointing at a connection between the "WannaCrypt" ransomware attacks and the malware attributed to the infamous "Lazarus Group", responsible for a series of devastating attacks against government organisations, media and financial institutions.
In other words, this code snippet is a "fingerprint" that suggests WannaCry was developed by the Lazarus group. They have been interested in stealing large sums of money in the past and have used Bitcoin to collect ransoms, as WannaCry does, but they also tend to be more careful about collecting payments.
"It wouldn't stand up in court as it is".
Global cybersecurity firms have pointed at North Korea as the mastermind behind the latest cyberattack.
First, China was among the countries worst hit, and not accidentally - the hackers made sure there was a version of the ransom note written in Chinese. The North strongly denied all the allegations. But North Korea has been preparing cyber skills for more than 10 years and its skill is significant.
Amid speculation that North Korean hackers could have been behind the computer worm, the Rodong Sinmun newspaper on Wednesday reported the wide scale of the chaos WannaCry had caused. WannaCry, in contrast, was wildly indiscriminate - it would infect anything and everything it could.
Anchor: The UN Security Council held an emergency meeting on Tuesday to discuss North Korea's latest ballistic missile test.