North Korea behind WannaCry attacks, White House says

The White House officially said North Korea was behind the WannaCry attacks, and it credited Facebook and Microsoft for work in attribution. But it left questions unanswered.

The White House officially attributed the WannaCry attacks to North Korea and said "costs and consequences" must be imposed for attacks like this.

In a press conference on Tuesday, Tom Bossert, homeland security adviser to the White House, did not give evidence to support the attribution, but said the U.S. was confident the WannaCry attacks, which spread ransomware to enterprises across the globe, were directed by the North Korean government. Bossert said New Zealand, Canada, Australia and Japan agreed with the attribution.

"It was cowardly, costly and careless. The attack was widespread and cost billions, and North Korea is directly responsible," Bossert wrote in an op-ed published on Monday in the Wall Street Journal. "We do not make this allegation lightly. It is based on evidence. We are not alone with our findings, either. Other governments and private companies agree. The United Kingdom attributes the attack to North Korea, and Microsoft traced the attack to cyber affiliates of the North Korean government."

Attribution and reaction

North Korea being behind the WannaCry attacks is not a new assertion. Kaspersky Lab drew connections between the North Korean Lazarus hacking group and WannaCry as early as June 2017 -- one month after the WannaCry attacks first launched. Bossert did not credit Kaspersky for its efforts in the WannaCry investigation -- the only mention of Kaspersky was in the op-ed, regarding the perceived risk of having the company's software on government systems: "The Trump Administration earlier this year ordered the removal of all Kaspersky products from government systems."

Microsoft said it had been working together with Facebook "to protect our customers and the internet from ongoing attacks" by the Lazarus Group, which it concluded was responsible for WannaCry.

"Among other steps, last week we helped disrupt the malware this group relies on, cleaned customers' infected computers, disabled accounts being used to pursue cyberattacks and strengthened Windows defenses to prevent reinfection," Brad Smith, president and chief legal officer at Microsoft, wrote in a blog post. "We took this action after consultation with several governments, but made the decision independently. We anticipate providing more information about our actions and their effect in the coming months once we have had the opportunity to analyze applicable data and information."

The WannaCry attacks exploited an unpatched flaw in the Windows Server Message Block, and Smith famously slammed the U.S. government and the National Security Agency (NSA) for hoarding the EternalBlue exploit, which was made public earlier this year by the Shadow Brokers and made the attacks possible. However, neither Microsoft nor Bossert made any mention of the NSA, and during the press conference, Bossert avoided a question related to the NSA's potential culpability in the WannaCry attacks.

In his original op-ed, Bossert accused North Korea of stealing intellectual property and said "stopping malicious behavior like this starts with accountability."

"We call on the private sector to increase its accountability in the cyber realm by taking actions that deny North Korea and other bad actors the ability to launch reckless and destructive cyberattacks. We applaud Microsoft and others for acting on their own initiative last week, without any direction or participation by the U.S., to disrupt the activities of North Korean hackers," Bossert wrote. "As for North Korea, it continues to threaten America, Europe and the rest of the world -- and not just with its nuclear aspirations. It is increasingly using cyberattacks to fund its reckless behavior and cause disruption across the world."
