Watch CBS News

North Korean hackers behind global cyberattack?

N. Korea behind global cyberattack?
Is North Korea to blame for global cyberattack? 02:39

BEIJING -- Technology experts say the threat of another global cyberattack continues Tuesday morning, and they say there's evidence North Korean hackers could be behind the massive malware assault that paralyzed computer systems world-wide last week.

American engineer helped find a fix for global cyberattack 02:26

Just as North Korea boasted about the successful launch of a new missile it says can carry a "large" nuclear warhead, technology experts said they had found evidence buried deep in computer code that North Korean hackers could be behind the digital international threat, too.

Cyber security firms have found similarities between the tools used in this attack and those used in previous hacks blamed on North Korea.

The hacking tools were first developed by the National Security Agency but were stolen and leaked, and now they may have been used by a North Korean hacking group.

Microsoft knew about software vulnerability prior to cyberattack 01:51

"In this case, there is a fragment of the technology that was associated with Lazarus," Gregory Clark, CEO of cybersecurity firm Symantec, told CBS News.   

"The Lazurus Group" is a hacker collective with ties to North Korea, and experts at Symantec and other companies say they found a portion of the group's previous malware coding inside the "WannaCry" hacking program used in last week's cyberattacks.

The discovery was made by a Google security researcher, Neel Mehta, who pointed it out in a cryptic tweet on Monday the parallel between an early version of the WannaCry tool used last week and code used by Lazurus in several years ago.

Lazarus was implicated in the 2014 hack of data from Sony Pictures -- an apparent retaliation for Sony's release of the film "The Interview," which mocked North Korean leader Kim Jong Un.

Lazarus was also connected with last year's theft of $81 million from a Bangladesh account at the Federal Reserve Bank in New York. U.S. officials blamed both hacks on North Korea.

Protecting yourself against cyberattacks 01:04

This latest attack was more widespread, taking advantage of a known vulnerability in older Microsoft software to force the shut-down of hospitals and other businesses around the world by encrypting files to make them inaccessible until a ransom of $300 was paid.

While technology experts were able to contain this weekend's attack, they warn the threat is not over.

"We are worried about the smart guys realizing what worked and what didn't, and something else coming our way that might be a little better engineered," Symantec's Clark told CBS News.

So far, the cyberattack has infected some 300,000 computers in 150 countries, but only about $63,000 dollars in ransom has actually been paid to the hackers.

Experts say it's too early to blame last week's attack on North Korean hackers, however, citing the possibility that other cybercriminals could have used the Lazarus malware and even included the identical portion of code as a false flag to implicate the isolated regime.

View CBS News In
CBS News App Open
Chrome Safari Continue
Be the first to know
Get browser notifications for breaking news, live events, and exclusive reporting.