Hackers from the Lazarus group (DPRK), suspected of creating the dangerous ransomware WannaCry, tried to impersonate cybercriminals from Russia. The corresponding conclusion was made by experts of the company for the prevention and investigation of cybercrimes Group-IB.
Group-IB employees confirmed that Lazarus members did not act from the territory of the Russian Federation, but from North Korea. But to deflect suspicions from themselves, North Korean hackers added characters and lines with Russian words written in Latin to one of the modules for sending network traffic, but this did not help them mislead the experts.
“The words used are uncharacteristic for a native speaker of Russian, and in the case of the“poluchit”command, the meaning of the word contradicts the action itself,” explained Group-IB.
According to the company, cybercriminals from the Lazarus group have spied on government agencies and private corporations in South Korea and the United States for many years. Also, according to experts, members of the same group are involved in banking hacks, including the theft of $ 81 million from the Central Bank of Bangladesh, which was also suspected of Russian cybercriminals.
As a reminder, the WannaCry ransomware virus attacked computers connected to the internal networks of the Russian Interior Ministry and the TFR on May 12. Similar attacks were recorded on thousands of computers in other states. In total, North Korean hackers have damaged 150 countries by their actions.