US blames North Korea for 'WannaCry' cyber attack

WASHINGTON (Reuters) - The Trump administration has publicly blamed North Korea for unleashing the so-called WannaCry cyber attack that crippled hospitals, banks and other companies across the globe earlier this year.

"The attack was widespread and cost billions, and North Korea is directly responsible," Tom Bossert, homeland security adviser to President Donald Trump, wrote in a piece published on Monday night in the Wall Street Journal.

"North Korea has acted especially badly, largely unchecked, for more than a decade, and its malicious behavior is growing more egregious," Bossert wrote. "WannaCry was indiscriminately reckless."

The White House was expected to follow up on Tuesday with a more formal statement blaming Pyongyang, according to a senior administration official.

The U.S. government has assessed with a "very high level of confidence" that a hacking entity known as Lazarus Group, which works on behalf of the North Korean government, carried out the WannaCry attack, said the official, who spoke on condition of anonymity to discuss details of the government's investigation.

White House Homeland Security Advisor Tom Bossert
See Gallery
White House Homeland Security Advisor Tom Bossert

White House Homeland Security Advisor Tom Bossert gives a Hurricane Irma update during the daily press briefing at the White House in Washington, U.S. September 8, 2017.

REUTERS/Jonathan Ernst

U.S. acting Secretary of Homeland Security Elaine Duke and White House Homeland Security Advisor Tom Bossert speak to reporters after meeting with President Trump about hurricane relief efforts, at the White House in Washington, U.S. September 28, 2017.

REUTERS/Jonathan Ernst

White House Homeland Security Advisor Tom Bossert gives an update on the federal response to Hurricane Irma during the daily news briefing at the White House in Washington, U.S. September 11, 2017.

REUTERS/Jonathan Ernst

U.S. President Donald Trump's Homeland Security Advisor Tom Bossert announces that Trump today signed an executive order to bolster the government's cyber security and protect the nation's critical infrastructure from cyber attacks, during a news briefing at the White House in Washington, D.C., U.S., May 11, 2017.

REUTERS/Kevin Lamarque

White House Homeland Security Advisor Tom Bossert speaks at a Cyber Security Conference held at Tel Aviv University, Israel June 26, 2017.

REUTERS/Amir Cohen

U.S. President Donald Trump speaks to reporters after a security briefing at his golf estate in Bedminster, New Jersey U.S. August 10, 2017. Also pictured are National Security Advisor to the Vice President Andrea Thompson (L-R), White House Homeland Security Advisor Tom Bossert, U.S. National Security Adviser H.R. McMaster, Vice President Mike Pence and Central Intelligence Agency (CIA) Director Mike Pompeo.

(REUTERS/Jonathan Ernst)

White House Homeland Security Advisor Tom Bossert and White House Staff Secretary Rob Porter attend as U.S. President Donald Trump presents the Medal of Honor to retired U.S. Army special forces medic Gary Michael Rose, for actions on a four-day secret mission to Laos in 1970 during the Vietnam War, in the East Room at the White House in Washington, U.S. October 23, 2017.

REUTERS/Jonathan Ernst

Homeland Security Advisor Tom Bossert, was in attendance as President Donald Trump made remarks on combatting drug demand and the opioid crisis, in the East Room of the White House, on Thursday October 26th, 2017.

(Photo by Cheriss May/NurPhoto via Getty Images)

U.S. President Donald Trump, center right, speaks as Tom Bossert, assistant to Trump for the U.S. Department of Homeland Security, from right, U.S. Vice President Mike Pence, and Ricardo Rossello, governor of Puerto Rico, listen during a meeting in the Oval Office of the White House in Washington, D.C., U.S., on Thursday, Oct. 19, 2017. Trump said his administration's response to Hurricane Maria in Puerto Rico, where 22 percent of the islands residents have electricity and 72 percent have access to drinkable water, deserves a perfect '10' rating as he met with Rossello.

(Kevin Dietsch/Pool via Bloomberg)

U.S. Treasury Secretary Steven Mnuchin (C) and White House Homeland Security Advisor Tom Bossert (R) prepare to observe a moment of silence on the South Lawn of the White House October 2, 2017 in Washington, DC. The White House observed the moment of silence to honor of the victims of Sunday's mass murder in Las Vegas, the deadliest shooting in recent American history.

(Photo by Chip Somodevilla/Getty Images)

US President Donald Trump homeland security adviser Tom Bossert speaks during the White House Daily Briefing in Washington, DC, on August 31, 2017.

(JIM WATSON/AFP/Getty Images)

US Vice President Mike Pence (L) and Homeland Security Advisor Tom Bossert listen while Governor of Puerto Rico Ricardo Rossello and US President Donald Trump make statements for the press before a meeting in the Oval Office of the White House October 19, 2017 in Washington, DC.


Homeland Security Advisor Tom Bossert speaks during the daily briefing in the Brady Briefing Room of the White House on May 11, 2017 in Washington, DC.

(MANDEL NGAN/AFP/Getty Images)


Lazarus Group is widely believed by security researchers and U.S. officials to have been responsible for the 2014 hack of Sony Pictures Entertainment that destroyed files, leaked corporate communications online and led to the departure of several top studio executives.

North Korean government representatives could not be immediately reached for comment. The country has repeatedly denied responsibility for WannaCry and called other allegations about cyber attacks a smear campaign.

Washington's public condemnation does not include any indictments or name specific individuals, the administration official said, adding the shaming was designed to hold Pyongyang accountable for its actions and "erode and undercut their ability to launch attacks."

The accusation comes as worries mount about North Korea's hacking capabilities and its nuclear weapons program.


Many security researchers, including the cyber firm Symantec , as well as the British government, have already concluded that North Korea was likely behind the WannaCry attack, which quickly unfurled across the globe in May to infect more than 300,000 computers in 150 countries.

Considered unprecedented in scale at the time, WannaCry knocked British hospitals offline, forcing thousands of patients to reschedule appointments and disrupted infrastructure and businesses around the world.

The attack originally looked like a ransomware campaign, where hackers encrypt a targeted computer and demand payment to recover files. Some experts later concluded the ransom threat may have been a distraction intended to disguise a more destructive intent.

FedEx's computer networks were among the most heavily hit. The international shipper said in September it expected to sustain a $300 million profit hit as a result of the attack.

Some researchers have said they believed WannaCry was deployed accidentally by North Korea as hackers were developing the code. The senior administration official declined to comment about whether U.S. intelligence was able to discern if the attack was deliberate.

"What we see is a continued pattern of North Korea misbehaving, whether destructive cyber attacks, hacking for financial gain, or targeting infrastructure around the globe," the official said.

WannaCry was made possible by a flaw in Microsoft’s Windows software, which was discovered by the U.S. National Security Agency and then used by the NSA to build a hacking tool for its own use.

In a devastating NSA security breach, that hacking tool and others were published online by the Shadow Brokers, a mysterious group that regularly posts cryptic taunts toward the U.S. government.

The fact that WannaCry was made possible by the NSA led to sharp criticism from Microsoft President Brad Smith and others who believe the NSA should disclose vulnerabilities it finds so that they can be fixed, rather then hoarding that knowledge to carry out attacks.

Smith said WannaCry provided "yet another example of why the stockpiling of vulnerabilities by governments is such a problem."

U.S. officials have pushed back on those assertions, saying the administration discloses most computer flaws that government agencies detect.

Last month, the White House published its rules for deciding whether to disclose cyber security flaws or keep them secret as part of an effort to be more transparent about the inter-agency process involved in weighing disclosure.

(Reporting by Dustin Volz; Editing by Jonathan Weber and Peter Cooney)

Read Full Story