Remember the massive cyberattack last month in which victims were told to pay a ransom to have their data unlocked? The NSA thinks it was a scheme by North Korea to make money for its government coffers, reports the Washington Post. A report not yet made public suggests the perpetrators responsible were sponsored by North Korea's spy agency, the Reconnaissance General Bureau; the ransomware was traced to IP addresses commonly used by the RGB in China, officials say. The report suggests the perpetrators belong to the Lazarus Group, a hackers' collective that works on behalf of Pyongyang. Security researchers at Google and Symantec previously said an early version of WannaCry contained code used by the Lazarus Group in an earlier cyberattack.
The goal of the ransomware—which demanded $300 in order to release encrypted data on victims' computers—was apparently to raise money for North Korea's regime. So did it work? Not so much. Despite affecting more than 300,000 people in 150 countries, it raised just $140,000 in Bitcoin that has yet to be cashed out, likely because the transactions will be easily trackable. Given such faults—attackers also couldn't tell which users paid a ransom—a cybersecurity researcher at Rendition Infosec suggests the worm was accidentally unleashed in a testing phase. The NSA assessment isn't definitive, but it says the evidence overwhelmingly points to North Korea. The BBC, however, notes that a different assessment suggested the hackers were fluent in Chinese, which would cast doubt on North Korea as the culprit.