Learning from major cyber security incidents
Learning from major cyber security incidents

Start this free course now. Just create an account and sign in. Enrol and complete the course for a free statement of participation or digital badge if available.

Free course

Learning from major cyber security incidents

2.3 Who were the attackers?

At the time of writing, nobody has claimed responsibility, nor has anyone been arrested for spreading the malware. One suspect is the Shadow Brokers group, as they were alleged to have stolen the hacking tool from the NSA. Moty Cristal, a professional negotiator, believed that the attackers did it not for money but to make a point, which was to show the group’s strength and remind large organisations to revise their cyber security strategies. He said:

The failure of the perpetrators to auction it for big money, the leveraging of a long-known vulnerability, the low ransom demand in global parallel attacks (which decreases chances of being paid) and the fact that Russia has been dramatically hit, are all signs that the perpetrators could be American hackers frustrated by their failure to make big money. The attack has the signs of being the work of a group that preferred expressive impact over a modest amount of money.

[…] It was a global show of strength, an expressive one, that caused relatively low financial and operational damage, and ought to be used by UK government as a powerful reminder to revise its cyber security strategies.

(Cristal, 2017)

However, according to a Washington Post article written by Ellen Nakashima in June 2017, the NSA believed that the hacking group Lazarus, linked to the North Korean government, was behind the WannaCry attack. The report stated that the Obama administration previously believed the Lazarus group was behind a series of cyber-robberies of banks in Asia as well as the 2014 hack of Sony Pictures Entertainment, which demanded that the company withdraw a film that ridiculed the North Korean leader, Kim Jong Un. Sanctions were imposed on North Korea by the US government after these attacks. The report further stated that the security researchers who analysed the code of WannaCry found similarities to the malware used by the Lazarus group, and that there was military intelligence indicating that North Korea was behind the attack.

In December 2017, the US government publicly announced that North Korea was the main culprit behind the WannaCry attack. This view was shared by the UK, Canada, New Zealand and Japan too, according to CBS News (2017). Nevertheless, North Korea always denied the allegation.

Without firm evidence and a proper court trial, it is hard to pinpoint who the culprit behind the WannaCry attack was. However, the Lazarus and Shadow Brokers groups appear to be the prime suspects.


Take your learning further

Making the decision to study can be a big step, which is why you'll want a trusted University. The Open University has 50 years’ experience delivering flexible learning and 170,000 students are studying with us right now. Take a look at all Open University courses.

If you are new to University-level study, we offer two introductory routes to our qualifications. You could either choose to start with an Access module, or a module which allows you to count your previous learning towards an Open University qualification. Read our guide on Where to take your learning next for more information.

Not ready for formal University study? Then browse over 1000 free courses on OpenLearn and sign up to our newsletter to hear about new free courses as they are released.

Every year, thousands of students decide to study with The Open University. With over 120 qualifications, we’ve got the right course for you.

Request an Open University prospectus371