North Korea possibly linked to global cyberattack
Simon Choi, a director at South Korean antivirus software company Hauri Inc. who has analyzed North Korean malware since 2008 and advises the government, said Tuesday that the North is no newcomer to the world of bitcoins.
The malware has scrambled data at hospitals, factories, government agencies, banks and other businesses since Friday, but an expected second-wave outbreak largely failed to materialize after the weekend, in part because security researchers had already defanged it.
The hackers appeared to have taken control of computers and servers around the world by sending a type of malicious code known as a worm.
The worms quickly scanned computers with vulnerability, in this case the older versions of Microsoft Windows, and used those computers as hackers’ command and control centers.
Experts say that the rapid spread of the worm globally suggests it did not rely on phishing, a method whereby an email is sent to people with the aim of having them click on infected documents or links.
Rather, analysts at the European Union cybersecurity agency say the hackers likely scanned the Internet for systems that were vulnerable to infection and exploited those computers remotely.