Privacy & Security

NSA uncovers ties between North Korea and WannaCry attacks

The National Security Agency said that tactics, techniques and targets of the massive ransowmare assault point to North Korea’s spy agency: the Reconnaissance General Bureau
By Jessica Davis
June 15, 2017
11:36 AM

The National Security Agency has found with ‘moderate confidence’ ties between the North Korean government and the WannaCry ransomware campaign that hit about 150 countries and more than 300,000 devices in May, according to the Washington Post.

The NSA analyzed tactics, techniques and targets that point to the Reconnaissance General Bureau -- North Korea’s spy agency. It’s suspected that RGB sponsored the cyber actors behind the two versions of WannaCry.

The assessment was issued last week internally and has not been made available to the public.

[Also: Hospital survival guide for a world overflowing with unsecured medical devices]

WannaCry is based on NSA hacking tools leaked by an anonymous group called the Shadow Brokers. The virus was the first worm to be coupled with ransomware. While WannaCry appears to be an attempt to raise money for the North Korean regime, the incident was severely flawed.

Despite locking down computers across the globe, the hackers only raised about $140,000 in bitcoin. And they have yet to cash in on the amount due to an operational error that makes the transactions easy to track.

While the assessment isn’t conclusive, the evidence of North Korea’s involvement is mounting. Security firm Symantec found a strong technical link between the ransomware and the hacking group Lazarus, which is thought to have ties to North Korea.

[Also: Unsecured medical devices: Healthcare's new warning call]

Google Security researcher Neel Mehta also noticed a similar connection, as did Kaspersky Labs and BAE systems.

With Rapid7’s National Exposure Index finding 160 million computers, servers and IoT devices with open ports exposed to the public, and 5.5 million internet-connected devices with exposed SMB port 445 vulnerabilities like the one exploited in the WannaCry attack, it’s time for hospitals to patch or update outdated devices.

A nation-state connection means it’s likely there will be more of these attacks in the future. And while the U.S. only had two impacted hospitals, HHS Deputy Chief Information Security Officer Leo Scanlon said the U.S. just got lucky that it wasn't affected as much as other countries.

“There’s a great deal of analysis to determine what happened and why,” Scanlon said at a June 8 House Energy and Commerce Committee. “I don’t believe we were spared the spread: We were spared the impact.”

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com

Like Healthcare IT News on Facebook and LinkedIn

Topics: 
Mobile, Privacy & Security

More regional news

HIMSSCast logo

HIMSSCast: Caregiver input needed for allocation of investment dollars

By
Bill Siwicki
November 15, 2024
HHS Building

Trump picks RFK Jr. to lead HHS

By
Susan Morse
November 15, 2024
Sign outside FDA office

Lawmakers ask CDRH to revisit its CDS guidance

By
Andrea Fox
November 15, 2024
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story

Former Georgia Rep. Doug Collins
Trump taps former Rep. Doug Collins to head VA

Most Read

Vendor Notebook: New cybersecurity and EHR performance upgrades 
Particle Health files antitrust suit against Epic
Choosing a managed IT service for aged care
ASTP intros 2024 draft Federal FHIR Action Plan
CrowdStrike all but assures Capitol Hill: Never again
Korea's largest hospital bags APAC's first Stage 6 of new INFRAM

Research

White Papers

More Whitepapers

Patient Engagement
Patient Engagement
Financial/Revenue Cycle Management

Webinars

More Webinars

Imaging
Interoperability
Artificial Intelligence

Video

Lee Kim at HIMSS_Global Health Equity Week 2024
AI can be leveraged to improve cybersecurity and health equity
Dr. Keisuke Nakagawa at UC Davis Health_Global Health Equity Week 2024
How artificial intelligence is changing the equation for SDOH integration
Andrea Hsu at National Science and Technology Council_HIMSS24 APAC
Fostering health IT innovation through academic-industrial collaborations
Valerie Rogers at HIMSS_Global Health Equity Week 2024
Technology and policy have a role to play in improving maternal health

More Stories

HIT professional reviews information on a laptop outside a server room
ASPR seeks feedback on public health orgs' cybersecurity needs
Gabriel Jones of Proprio on AI
Artificial intelligence is enabling big advances in surgery
Pharmacist sorting pills
Deploy RFID technologies to streamline controlled substance management
Healthcare workers in a meeting
Prioritizing cost management at U.S. healthcare systems: Keys to better margins
Healthcare worker looking at medical record on tablet with patient in background
Protect your IoMT devices against evolving cyberattacks
Jill Brewer at HIMSS_Healthcare Cybersecurity Forum 2024
What's the weakest link in organizational cybersecurity? Not what you might think
Richard Staynings at the University of Denver_Healthcare Cybersecurity Forum 2024
The challenges of safeguarding healthcare's 'data ocean'
Avihai Sodri of Antidote Health on telemedicine
How virtual-first can improve outcomes and make care more affordable