White House blames North Korea for WannaCry

In an op-ed in the Wall Street Journal, President Trump's Homeland Security Adviser Thomas Bossert has officially blamed North Korea for the WannaCry ransomware incident that devasted hundreds of thousands of computers worldwide in May this year.

"The consequences and repercussions of WannaCry were beyond economic," Bossert says. "The malicious software hit computers in the U.K.’s health-care sector particularly hard, compromising systems that perform critical work. These disruptions put lives at risk."

"North Korea has acted especially badly, largely unchecked, for more than a decade, and its malicious behavior is growing more egregious. WannaCry was indiscriminately reckless," he added.

The UK did it first

Despite the heavy-handed accusations, the US government is not the first to call out the Pyongyang regime for creating WannaCry. The UK government officially accused North Korea at the end of October of creating and releasing WannaCry.

North Korea denied the UK's accusations, calling them "wicked" and "groundless speculation."

The Pyongyang regime also denied initial reports it created WannaCry back in May, days after the WannaCry outbreak, and after three cyber-security firms —Kaspersky Lab, Symantec, and BAE Systems— pointed out clues linking WannaCry with the activities of Lazarus Group, a North Korean cyber-espionage unit responsible for attacks on Sony, the South Korean government, and multiple banks across the world.

No evidence released to back up accusations

Evidence connecting North Korea to WannaCry is flimsy, even today, and Bossert didn't release any new details on the reasons why the US government believes so strongly that the Pyongyang regime orchestrated the attack.

Further, Bossert didn't even touch on the subject that a leaked NSA cyber-weapon —an exploit named EternalBlue— was used for the WannaCry ransomware code.

The Bossert op-ed also called out the "bad behavior" of "the corrupt regime in Tehran" and lauded the Trump administration's recent charges of Russian and Chinese hackers, along with the DHS' ban on Kaspersky software.

The accusations come as US officials continue to pile up allegations on the North Korean regime, a trend that leaves many fearing it may lead to an actual war in the Korean peninsula.

Microsoft and Facebook Helped Disrupt Activities of Lazarus Group

Both Microsoft and Facebook have stated that they have played a role in the attribution and disruption of the actor supposedly behind the WanaCry Ransomware. This actor is known as Zinc, or the Lazarus Group, and supposedly has ties to the North Korean government.

According to Microsoft, their role was not only to help link this group to the WannaCry ransomware, but also disrupt their ongoing activities. This was done by disrupting "the malware this group relies on, cleaned customers’ infected computers, disabled accounts being used to pursue cyberattacks and strengthened Windows defenses to prevent reinfection.".

Facebook also stated they were involved by identifying Facebook accounts that were being used by the Lazarus Group and deactivating them.

UPDATE: Below is a recorded session of a White House briefing on the attribution of WannaCry to North Korea. The briefing starts at 40 minutes in.
Updated at 12:27 PM EST: Added information regarding the involvement of Microsoft and Facebook.

Related Articles:

State-Sponsored Actors Focus Attacks on Asia

Senators Demand Voting Machine Vendor Explain Why It Dismisses Researchers Prodding Its Devices

The Few Privileged North Koreans Are Savvy Scammers

U.S. Gov Agencies Fail to Fully Embrace DMARC Email Security Policy