CIA Concludes Russia was behind NotPetya

This week the CIA revealed that it believes Russia was behind the NotPetya attacks that hit in June 2017. The attackers used an attack vector known as a “watering hole”: this method infects a website that the attackers know their targets will be visiting.

In the case of NotPetya the website was a Ukrainian site that deployed updates for tax and accounting software. Once the malware had been deployed it appeared to be a ransomware attack. But unlike WannaCry, NotPetya wiped and erased all information on the infected system. This means the attackers were not after money. It was a disruptive nuisance attack that could potentially have erased a large amount of sensitive data.

There has been increasing tension between Russia and Ukraine, and considering that Russia has increased its level of aggression in recent months, it comes as no surprise that it has begun launching cyber attacks on this scale.

Bureau 121 – Who are they?

Bureau 121 took the limelight recently after accusations that they were behind the WannaCry attacks that affected multiple countries. Although it was never confirmed by the North Korean government, a number of reports have pointed towards North Korea.

They are said to have around 1,800 members who are hand-picked from university and then trained for an additional 5 years before being given their assignment. These assignments could be anywhere across the globe; as an incentive they are promised that their families will receive greater privileges.

They have been accused of a number of significant and high-profile cyber attacks, including the WannaCry virus and the attack on Sony.

Just after the WannaCry virus took the world by storm I speculated that there could have been North Korean involvement. This was later confirmed by both the UK and US governments, although the North Korean government has never officially taken credit for the attack.
The hacks that affected Sony Pictures before the release of the movie The Interview were also alleged to have been carried out by North Korea. This was later backed up by security researchers who reported that some of the code used in the hack was written in Korean. Although it was again never officially confirmed, it is quite easy to see the connection.

They are also said to conduct regular cyber-attacks aimed at South Korea; these have affected a number of different sectors, including banking and broadcasting companies. In 2013 it was alleged that an infected smartphone application was the work of Bureau 121.

While Bureau 121 is not a hacktivist or cyber crime group, they have been causing havoc across the globe and waging cyber-warfare. I find it almost baffling that in a country with such poor human rights and such a poor quality of life there is a division of the Korean government that has the ability and skill set to disrupt and damage computer systems across the globe.

Source: CNN, Business Insider, The Market Mogul, BBCNews Week

UK Government Confirms WannaCry Speculation

Last week reports emerged of the UK government confirming its suspicion that WannaCry was a state-sponsored attack involving North Korea.

Earlier this year, just after WannaCry came to prominence, I wrote an article, What is WannaCry, in which I speculated that, due to the nature and style of the attack, it did not appear to follow the traditional ransomware style. What I mean by this is that from the outset WannaCry was targeting and affecting core infrastructure as well as the public sector in the UK, resulting in WannaCry becoming somewhat of a disruption. As a rule, ransomware attackers aim to make the process of decrypting the data as smooth and straightforward for the victims as possible. This is likely due to them being after one thing: money. Mozilla conducted an investigation as part of their Online Life is Real Life podcast series, and from their investigation they rated ransomware customer service. This highlights how the process of ransomware cannot be too complicated, as that would reduce and limit their overall ability to collect the ransom.

But there are numerous articles floating around the web that indicate WannaCry made between $20,000 and $100,000. For an attack of this level, which impacted hundreds of thousands of people, it was a very poor take.
But the level of chaos and “denial of service” that WannaCry caused indicated to me that there was more to it than just the money. I am aware that in the traditional sense a denial of service or DDoS targets web services and floods them with packets. But in this case WannaCry affected ATM machines as well as computers within hospitals, effectively denying service to them.

Of course the North Koreans released a statement to the effect that they had no involvement and that these accusations are nothing but wild speculation. But it is important to consider that this “speculation” was floating around from the beginning of WannaCry and was stated by a number of security research teams that looked into WannaCry. As well as this, the UK government would not make these accusations without a substantial level of evidence.

The North Koreans have in the past been accused of other attacks, mainly the attack on Sony. This attack was alleged to have happened due to the upcoming release of the movie The Interview.

Please let me know your views on the North Koreans' involvement in WannaCry in the comments below.