May 16 (UPI) — Cybersecurity researchers said the WannaCry malware virus code is similar to one used by the cybercrime network that struck Sony in 2014, raising speculation the global attack was sponsored by North Korea.
Kaspersky Labs, a cybersecurity firm based in Moscow, said Google researcher Neel Mehta first disclosed the similarity in the code from the WannaCry virus and a virus directed by the cybercrime network called the Lazarus Group in February 2015.
The Lazarus Group is implicated in the Sony hack and the 2016 Bangladesh Bank heist in which hackers attempted to steal nearly $1 billion from the central bank of Bangladesh.
Kaspersky Labs said “the scale of the Lazarus operations is shocking.”
“Lazarus is operating a malware factory that produces new samples via multiple independent conveyors,” Kaspersky Labs said in a statement.
Matt Suiche, a cybersecurity researcher based in the United Arab Emirates, said “potential links to North Korea have been found” after analyzing and comparing the code from WannaCry and from the previous Lazarus Group virus.
Companies and governments in at least 150 countries were attacked by WannaCry starting Friday when the malware virus demanded $300 per computer to restore access after taking control of computer systems.
Kaspersky Labs said that though any link to North Korea is inconclusive, researchers around the world must investigate the similarities and work to find out more about the origin of WannaCry.
“Looking back to the Bangladesh attack, in the early days, there were very few facts linking them to the Lazarus group,” Kaspersky Labs added. “In time, more evidence appeared and allowed us, and others, to link them together with high confidence. Further research can be crucial to connecting the dots.”
The Cyence cyberrisk modeling firm said the global financial and economic losses from WannaCry could reach up to $4 billion, though other groups estimate the loss would be hundreds of millions.