Cybersecurity

North Korea: US WannaCry accusation ‘reckless’

North Korea’s Ministry of Foreign Affairs on Wednesday fiercely denied the United States assertion Pyongyang launched the disastrous WannaCry malware.

“As we have clearly stated on several occasions, we have nothing to do with cyber-attack and we do not feel a need to respond, on a case-by-case basis, to such absurd allegations of the U.S.,” a spokesman told the state media publication KCNA. 

“However, we can never tolerate the U.S. reckless move of using the issue of cyber-attack for the purpose of making direct accusation against our state,” he said.{mosads}

Though the KCNA website was down, the statement was archived at North Korean media aggregator KCNA Watch.

WannaCry infected hundreds of thousands of computers in only a few days, forcing the British national hospital system to turn away patients and harming government systems in Russia, India and China. 

On Tuesday, U.S. homeland security adviser Tom Bossert announced that the U.S. had conclusively linked WannaCry with North Korean leadership.

According to the KCNA piece, North Korean officials are passing this off as an effort to draw other countries into the Washington-Pyongyang game of brinksmanship. 

“This move is a grave political provocation by the U.S. aimed at inducing the international society into a confrontation against the DPRK,” the spokesman said. 

The spokesman also accused the United States of fabricating the controversy. 

“The U.S., a source of all social evils and a state of global cyber-crimes, is unreasonably accusing the DPRK without any forensic evidence,” the spokesman said. 

A bevy of researchers, including those from Moscow-based Kaspersky Lab and U.S.-based Symantec, however, quickly developed a forensic case against the North Korean state hacking team Lazarus Group soon after WannaCry’s release.

Researchers point to overlapping code in WannaCry and other believed North Korean attacks, North Korean hacking tools used to implant early versions of WannaCry and shared internet infrastructure used in multiple attacks.