Hackers threaten to release more code
Group behind WannaCry promises monthly data dump from June
WASHINGTON: Governments turned their attention to a possible new wave of cyber threats on Tuesday after the group that leaked US hacking tools used to launch the global WannaCry "ransomware" attack warned it would release more malicious code.
The extortion campaign, which has infected more than 300,000 computers worldwide since Friday, eased on Tuesday, but the identity and motive of its creators remain unknown.
The attack includes elements that belong to the US National Security Agency, and were leaked online last month.
Shadow Brokers, the group that took credit for that leak, threatened to release more code every month from June to anyone willing to pay for access to some of the tech world's biggest commercial secrets.It also threatened to dump data from banks and from Russian, Chinese, Iranian or North Korean nuclear and missile programmes.
The attack has caused most damage in Russia, Taiwan, Ukraine and India, said Czech security firm Avast.
The United States likely avoided greater harm as the attack targeted older versions of Microsoft's Windows operating system, and more US users have licensed, up-to-date, patched versions of it, compared with other regions
Cyber security researchers around the world have said they found evidence that could link North Korea with WannaCry.
A researcher from South Korea's Hauri Labs said its findings matched those of Symantec and Kaspersky Lab, which said on Monday that some code in an earlier version of WannaCry software had appeared in programs used by the Lazarus Group, identified by some as a North Korea-run hacking operation.
Symantec and Kaspersky said it was too early to tell whether North Korea was involved in the attacks, based on the evidence that was published on Twitter by Google security researcher Neel Mehta.
FireEye Inc, another cyber security firm, said it was also investigating, but was cautious about drawing a link to North Korea.
"The similarities we see between malware linked to that group and WannaCry are not unique enough to be strongly suggestive of a common operator," its researcher John Miller said. - REUTERS