Analysts and experts have noticed that digital currency is being manufactured even as a computer virus that exploits the same vulnerability as the global “ransomware” attack has latched on to more than 200,000 computers.
The development provides another piece of evidence that a North Korea-linked hacking group may be behind the attacks and adds to the dangers exposed by the WannaCry ransomware.
More than 300,000 computers were attacked since Friday with their data being locked up and demanding a ransom payment to release by the WannaCry virus which is believed to have been developed in part with hacking techniques that were either stolen or leaked from the U.S. National Security Agency.
However because it allows computers to operate while creating the digital cash in the background, it had not been previously discovered even as the related attack began infecting machines in late April or early May, said researchers at security firm Proofpoint, which installs a currency “miner” that generates digital cash.
Far more than has been generated by the WannaCry attack, the authors may have earned more than $1 million, said Proofpoint executive Ryan Kalember.
A flaw in Microsoft Corp’s Windows software is the way for the program to attack a computer, like WannaCry. Though not all companies and individuals have installed the patches, that hole has been patched in newer versions of Windows.
A technology known as blockchain, forms the basis of the development of digital technologies and it operates by enabling the creation of new currency in exchange for solving complex math problems. In order to solve the problems and generate currency, whose value ultimate fluctuates according to market demand, digital “miners” run specially configured computers. The new mining program is not aimed at Bitcoin even though bitcoin is by far the largest such digital currency. Instead, a newer digital currency, called Monero, that experts say has been pursued recently by North Korean-linked hackers, has been pursued by it.
Including for the fact that early versions of the WannaCry code used some programming lines that had previously been spotted in attacks by Lazarus Group, a hacking group associated with North Korea, that country has attracted attention in the WannaCry case for a number of reasons.
But such evidence is not conclusive, and the investigation is in its early stages, security researchers and U.S. intelligence officials have cautioned.
A wing of Lazarus devoted to financial gain had installed software to mine Monero on a server in Europe, said security firm Kaspersky Lab in early April.
Either it could suggest that North Korea was responsible for both the ransomware and the currency mining or it can be coincidence – a brand new campaign to mine the same currency, using the same Windows weakness as WannaCry.
He believes the similarities in the European case, WannaCry and the miner were “more than coincidence,” Kalember said.
“It’s a really strong overlap,” he said. “It’s not like you see Monero miners all over the world.”
While the FBI declined to comment, the North Korean mission to the United Nations could not be reached for comment.
(Adapted from CNBC)