The authors may still be the Lazarus group

May 29, 2017 19:29 GMT  ·  By

Over the past couple of weeks, there's been a lot of talk about who's behind the WannaCry ransomware, with some researchers pointing to code that's the same as that used by the North Korean Lazarus group, and others saying there's little chance for them to be behind it all. Now, another analysis points towards the WannaCry code being written by native Chinese speakers. 

According to US intelligence company Flashpoint, it might have been a group of native Chinese speakers who wrote the ransomware that hit some 300,000 devices in 150 countries. Evidence, they say, is the style and accuracy of the Chinese notes, as well as their lengthier formats. They claim with "moderate confidence" that they are the work of a native Chinese speaker.

The clues

One clue, they say, is the phrase "But you have not so enough time," which indicates not only that the writer does not speak English natively but also that they've been poorly educated in it.

Furthermore, it seems that the English notes were written by hand, as opposed to the attackers using a machine translation. By comparison, the ransom notes in all other languages were translated from English using Google Translate.

As mentioned, the attacks have previously been thought to have been orchestrated by North Korea. The initial idea came from a Google security researcher who posted on Twitter two pieces of code - one from WannaCry and another from an attack linked to the Lazarus Group, a hacking team that's been linked to the North Korean government.

On the other hand, ZDNet reports that while Lazarus is mostly believed to work for the North Korean government, rumor has it that they're actually operating from China. If this is true, then it might very well mean that this new report actually talks about the very same authors all other previous reports were referring to.