N. Korean Hacker Fingered For Wannacry Attacks

Uploaded on 2018-09-12 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Health & Welfare

Park Jin Hyok, 34, is charged by US officials over 2017 WannaCry ransomware attack that affected more than 150 countries

The US justice department has charged an alleged North Korean spy for helping to perpetrate cyberattacks against the British National Health Service that saw operations cancelled, ambulances diverted and patient records made unavailable following a worldwide hack in 2017 which affected computers in more than 150 countries.

Park Jin Hyok, 34, was also involved in an attack against the Sony Corporation in 2014 and an $81m theft from the Bank of Bangladesh in 2016, a criminal complaint released on Thursday 6th Sept claimed.

It was not immediately clear if North Korea, which authorities said the operative was working on behalf of during the WannaCry cyber-attack, would make Park available to US law enforcement authorities.

Park was thought to have operated from China, but prosecutors said they now believe he is in North Korea.

US officials believe the hackers struck in retribution for The Interview, a Hollywood spoof film that lampooned the isolated nation to such an extent that its state media warned it would wage “merciless retaliation”. The 2017 attack, the largest to have ever hit the health service, hit computers at hospitals and GP surgeries across 48 NHS trusts.

At least 6,900 NHS appointments were cancelled, and up to 19,000 affected in total, after staff were forced to resort to using pen and paper when they were locked out of computerised systems. A subsequent government report found that NHS trusts had been left vulnerable because basic cybersecurity recommendations were not followed. None of 88 out of 236 trusts assessed by NHS Digital before the attack were found to have satisfied the necessary cybersecurity standards.

It had been reported that nearly all NHS trusts were using an obsolete version of Windows for which Microsoft had stopped providing security updates three years previously, while it was also suggested that 90% of trusts were using Windows XP, then a 15-year-old system. In the immediate aftermath of the hack the then-home secretary Amber Rudd was not able to confirm whether patient data had previously been backed up.

NHS workers at the time told the Guardian that the computers were affected after email attachments were opened, with the computers going down shortly after. Staff were swiftly told to “shut down, take out network cables and unplug the phones”, an NHS worker from an Essex hospital said.

The malware demanded ransoms of $300 (£230) in Bitcoin to users on the infected computers. Although there was no evidence any NHS organisation paid, according to NAO, the financial cost of the crippling episode remains unclear.
The National Crime Agency’s director general of operations paid tribute to the collaboration between UK and US law enforcement and warned that the distinction between nation states and criminal groups in cases of cybercrime has become increasingly blurred.

 “The ransomware attacks that affected the UK appear to be part of a series, and it’s right that they are prosecuted together to show the full scale of offending,” Steve Rodhouse said.

 “The WannaCry attack highlighted that cybercrime affects not just the country’s prosperity and security, but also affects our everyday way of life.

“The distinction between nation states and criminal groups in terms of cybercrime is becoming frequently more blurred and today’s charges are a significant step forward in our investigation.”

Home Office minister Ben Wallace said in October 2017 that the government was “as sure as possible” that North Korea was responsible for the attack. The US justice department confirmed that the WannaCry investigation, one of the most complex cybercriminal investigations it has ever conducted, is ongoing, and includes activity ranging through 2018. 

The December 2014 cyber-attack against Sony’s film-making studio saw five of its upcoming movies, including the big-budget musical remake Annie, released online to file-sharing sites by a group calling itself Guardians of Peace.

Amid threats to moviegoers, Sony cancelled the theatrical release of The Interview and instead released it online.
Bloomberg reported that a Sony internal report linked the attack to a group associated with Pyongyang known as DarkSeoul, which wiped out the computers of South Korean banks and broadcasters in March 2013.

A North Korean official denied the country was responsible for cyber-attacks on Sony in an interview with Voice of America.

“Linking the DPRK to the Sony hacking is another fabrication targeting the country,” said the unidentified diplomat. “My country publicly declared that it would follow international norms banning hacking and piracy.”

Guardian:

You Might Also Read: 

Healthcare Cyber-Attacks Still Going Up:

Preventing Another Wannacry:
 

« The App That Lets You Sell Your Personal Healthcare Data
British Airways Faces £Multimillion Fine »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

AEI Cybersecurity

AEI Cybersecurity

AEI brings together companies, Research Centres, Universities, and other organizations interested in promoting new cybersecurity technologies.

NEC

NEC

NEC offers a complete array of solutions to governments and enterprises to protect themselves from the threats of digital disruption.

Jiran Security

Jiran Security

Jiran Security provides data and application security solution over email, mobile device and endpoints.

SafenSoft (SnS)

SafenSoft (SnS)

SafenSoft delivers high-efficiency, low-impact proactive protection against malware, insider threats, and confidential data leakage.

SteelCloud

SteelCloud

SteelCloud has spent the last decade inventing technology to automate policy compliance, configuration control, and Cloud security.

Gulf Computer Services Co (GCSC)

Gulf Computer Services Co (GCSC)

Gulf Computer Services is a major player in the field of networking & Communication solutions for emerging industries such as Internet Services and Information Technology in Saudi Arabia.

Matrix42

Matrix42

Matrix42 software for digital workspace experience manages devices, applications, processes and services simple, secure and compliant.

Dualog

Dualog

Dualog provides a maritime digital platform which ensures that services work reliably and securely onboard.

CyPhyCon

CyPhyCon

CyPhyCon is an annual event exploring threats and solutions to cyber attacks on cyber-physical systems such as industrial control systems, Internet of Things and Industrial Internet of Things.

Threat Status

Threat Status

Threat Status are a Threat Intelligence company. We are the developers of Trillion. A cloud based Security As A Service (SaaS) platform.

Ascend Technologies

Ascend Technologies

Ascend Technologies offers a full suite of managed IT services including: Cloud & Infrastructure Management, Cybersecurity Management, Service Desk Management, Application Management , Data Management

Redwall Technologies

Redwall Technologies

Redwall provides cybersecurity expertise and technology to prevent and respond to emerging threats against mobile applications and connected infrastructures.

Allied Telesis

Allied Telesis

Allied Telesis delivers the secure, flexible, and agile solutions needed to meet the expectations of any industry’s critical mission.

ReasonLabs

ReasonLabs

ReasonLabs have created a next-generation anti-virus that is enterprise grade, yet accessible to any personal device around the world.

IgmGuru

IgmGuru

Igmguru offers certification online training courses for IT professionals and students. Get certified with high-in-demand job-oriented professional courses.

Josef Ressel Centre for Intelligent & Secure Industrial Automation

Josef Ressel Centre for Intelligent & Secure Industrial Automation

The Josef Ressel Centre for Intelligent and Secure Industrial Automation investigates the fundamentals of digital assistants for industrial machines that enable intelligent and secure operation.