The Lazarus Group: who might they be, and why are they doing what they are doing? If you have been following the news lately, you will have seen that a piece of malware started denying users access to their systems in about 150 countries, which made it the biggest attack of its kind. Called the WannaCrypt ransomware, it started attacking computers last week in England and then spread to other parts of the world, including the US, China and Russia. Victims were asked to pay $300 into a bitcoin wallet, and since then we have learned that several people have paid, even though only a meagre $70k has come in against the $90m expected at least.
The blame game started going around, and then experts started saying it could be the Lazarus Group again, based on early evidence from code analysis. Their name also came up in 2014 when Sony was hacked over “The Interview”, a movie which made a mockery of the North Korean ruler.
We have been hearing of them for some time now, and I suspect it may not be the last time, but it is important to at least try and find out who they might be or what they represent.
Experts say there is strong evidence that they have ties to the isolated North Korea, and as John Arquilla, chair of defense analysis at the Naval Postgraduate School in Monterey, told USA Today, “The Lazarus group appears to be a contractor in the area of cyber mischief, but they seem to straddle the worlds of politics and crime,” so another view is that they are contractors. If they are contractors, are they independent, or could it be that they are tied to a bigger group on a permanent basis, as with some defense contractors?
One clue might be that they don’t publicise their “achievements”. This could mean they are not interested in working for other people, who could otherwise have easily identified them and perhaps contracted them. Instead, agencies are left to figure it out for themselves. The Fancy Bears and other hacking groups usually make it public after they have successfully wreaked havoc, but not the Lazarus Group, which makes them even more mysterious.
But others think it could even be Russia, with workers spread across the world. Hmm, and that might make sense too if you think of a state that may have such capabilities.
By the way, it may not be linked to North Korea at all. Gartner senior cybersecurity analyst Avivah Litan says some of her sources indicate its leaders might be in Russia, with workers spread throughout the globe. But at the last count nearly 12,000 computers were affected by the ransomware in Russia alone, and if we are to go by what experts have said in the past, why would Russia create such a group and have them attack its own citizens too? Well, one reason would be to eliminate any suspicions that may arise after such an attack. Having said that, Russian computers were attacked by the malware, but it didn’t affect government-owned machines. Now the Russian interior ministry says it was affected, but that its computers are now safe, compared to NHS computers in England and other parts of the world. This doesn’t say much, but if you’re an investigator, you would ask whether they were tipped off about something like this beforehand, or whether it was just a coincidence that they experienced the attack but it didn’t really knock out their computers. Or maybe they are just really security conscious and that’s all.
Robert Silvers, former assistant secretary for cyber policy at the U.S. Department of Homeland Security under the Obama Administration, also tells USA Today that Russia can’t be ruled out, seeing as we still don’t know for sure whether Lazarus or any North Korean-linked groups were responsible for the attack. There is really no evidence just yet that Russia itself is involved in this, but it may be difficult to know if they really do have people spread across the globe, as some suggest.
The point is that we have heard of the Lazarus Group, and no one has definitively been able to say they are a North Korean-linked group. But the reason many believe it is likely to be linked to North Korea is the way the group has been operating, the latest instance being that people should pay a ransom before they regain access to their computers. North Korea is under heavy sanctions and might be stepping on the last nerve of its biggest trading partner, China. This would mean that the nation needs some other way to keep its media-style military launches going, and how else would they do that? Well, they can’t tax people or even do business with other nations, and there is just one option left, which is hacking on an international scale. North Korea has also been accused of stealing money from banks worldwide, the biggest case last year being $81 from the Central Bank of Bangladesh. So there you go, there is motive, and you see, if it were Russians, why would they demand sums like $300 from victims, seeing as many won’t pay? Russia is one of the world’s largest economies, and if they were to embark on such a hacking mission, they would rather target big corporations and government files. So it’s unlikely that the Lazarus Group would be tied to Russia.
I tend to go with what experts are saying on this: the evidence suggests it is likely that North Korea set up the group to fund its cash-strapped operations.
Now if you look at the live map by MalwareTech of the WannaCry attacks, much of Africa and South America were not affected, and this says a lot about the motive of the attackers. It’s no secret that the majority of internet users in these parts may not be able to pay the $300 ransom, hence the neglect. This goes back to money, and if money is the biggest factor, then it could be the Lazarus Group; they may be state sponsored, and if they are state sponsored, North Korea is the government with the biggest need for such money.
But as Microsoft proposed, we may need a “Digital Geneva Convention”, under which government authorities would come together to form an international force to tackle such crimes on the internet.