The US is poised to publicly blame North Korea for carrying out an unprecedented cyber-attack that caused widespread disruption to public services, companies and homes around the world earlier this year.
The regime was “directly responsible” for the WannaCry attack that crippled hospitals, banks and other infrastructure in May, a senior White House official said. The malware infected more than 300,000 computers in 150 countries.
“The attack was widespread and cost billions, and North Korea is directly responsible,” Tom Bossert, homeland security adviser to Donald Trump, wrote in an op-ed piece for the Wall Street Journal.
Bossert said those responsible for carrying out cyber-attacks against the US would be held accountable, but he did not mention specific actions Washington was considering taking against Pyongyang.
News reports quoted a senior Trump administration official as saying that the US had surmised “with a very high level of confidence” that the Lazarus Group, a hacking organisation that works on behalf of the North Korean government, was behind the WannaCry ransomware attack.
Ransomware is a particularly nasty type of malware that blocks access to a computer or its data and demands money to release it.
The public shaming of North Korea, which has not been confirmed by the White House, is designed to hold the regime accountable for its actions and “erode and undercut their ability to launch attacks,” the official told Reuters on condition of anonymity.
Bossert said the US would “publicly attribute” WannaCry to North Korea, describing the attack as “cowardly, costly and careless”.
“We do not make this allegation lightly,” he wrote. “It is based on evidence. We are not alone with our findings, either. Other governments and private companies agree. The United Kingdom attributes the attack to North Korea, and Microsoft traced the attack to cyber affiliates of the North Korean government.”
Bossert added: “North Korea has acted especially badly, largely unchecked, for more than a decade, and its malicious behavior is growing more egregious.”
He called on governments and businesses to work together to reduce the risks of cyber-attacks and for harsher punishments for the groups and individuals behind them. “Malicious hackers belong in prison, and totalitarian governments should pay a price for their actions,” he said.
While North Korea is believed to run a sophisticated cyber warfare operation that has traditionally targeted South Korea, the regime has repeatedly denied that it was behind WannaCry.
The malware infected computer systems at NHS hospitals in Britain, forcing thousands of patients to reschedule appointments. FedEx was among the hardest hit on WannaCry’s list of corporate targets, with the firm saying it was expecting a $300m hit to profits as a result of the attack.
The Lazarus Group is also thought to be behind the 2014 cyber-attack against Sony Pictures, which resulted in the leak of several unreleased films and caused massive disruption to the company’s email and other parts of its internal computer network.
That attack forced Sony to cancel the release of The Interview, a comedy about two reporters who are hired by the CIA to assassinate the North Korean, leader, Kim Jong-un.
