The country of the hacking group is North Korea
In the midst of the WannaCry maelstrom last week, Cybersecurity researchers at Symantec Corp. and FireEye Inc. found clues that tied the massive ransomware outbreak to a hacker crew called the Lazarus Group, long believed to be an offensive cyber unit working out of North Korea. The Lazarus has been blamed for a 2014 attack on Sony and the theft of $81 millions from Bangladesh’s central bank. The software used was virtually identical to versions employed in attacks earlier this year attributed to the same agency, the company said in a report late Monday.
After founded the clues the Symantec said :
One significant clue was that two variants of Destover, a disk-wiping tool used in the Sony Pictures attack, was discovered on an early WannaCry victim’s network.
Another tool called Volgmer – malware used by Lazarus in attacks on South Korean targets – was also found on PCs at the hacked organization. That attack took place on February 10th, when 100 computers were swiftly infected with WannaCry. The name of the victim has not been released.
According to several security experts from several giant companies, the evidence can’t be ignored, because every and each sign is representing from north korea.