FireEye has found that the WannaCry malware shares unique code with the WHITEOUT malware, which we have previously attributed to suspected North Korean actors. While we have not verified the observation by other experts of known DPRK tools being used to remove the first versions of WannaCry, we have not observed other groups using the code present in both WannaCry and WHITEOUT, and we do not believe that it is available in open source. This indicates a connection between the two.
Our analysis has revealed that this unique code is shared by other North Korean malware, including NESTEGG and MACTRUCK. Significantly, while this code is present in the MACTRUCK malware, it is not used. The shared code probably means that, at a minimum, the operators of WannaCry share software development resources with North Korean espionage operators.
Ben Read, senior analyst, FireEye
About FireEye:
FireEye is the intelligence-led security company. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that combines innovative security technologies, government-grade threat intelligence, and world-renowned Mandiant consulting services. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations that struggle to anticipate, prevent and respond to cyber attacks. FireEye has over 5600 customers in 67 countries, including over 40% of companies listed in the Forbes Global 2000.