Last week, intelligence officials on both sides of the Atlantic pointed the finger at North Korea over the ransomware attack that paralysed parts of the NHS and thousands more organisations in May.
A gang of hackers known as the Lazarus Group is believed to be behind the attack, working on behalf of North Korea’s state spy agency. But what do we know about the shadowy group?
Lazarus hackers shot to prominence in 2014 when they crippled Sony Pictures’ computer network ahead of the release of The Interview, a satire on the leadership of the North Korean government.
As well as disabling Sony’s network, the group released troves of sensitive data, including a string of embarrassing emails about A-list film stars. They also threatened cinemas that planned on showing the film.
But it wasn’t their first strike.
The group’s work has been traced back to a series of primitive DDOS attacks on the South Korean government in 2009 – and while the attack on Sony Pictures represented a step up in sophistication, it paled in comparison to an $81m (£63m) cyber heist last year on Bangladesh’s central bank thought to have been conducted by Lazarus hackers. The strike made waves in the industry, and put cyber security firmly on the agenda.
The common motive behind each of Lazarus’s attacks seems to be advancing the interests of North Korea.
In some cases, the group appears to be trying to raise funds for the despotic regime. But if fundraising was the goal of WannaCry, the strike might have disappointed Lazarus’s paymasters.
An operational error has made the transaction traceable, meaning online currency exchanges would refuse to cash the bitcoin generated by the attack.
Most experts now believe that the attack was designed to cause chaos, rather than raise money.