BEIJING — Technology experts say the threat of another global cyberattack continues Tuesday morning, and they say there’s evidence North Korean hackers could be behind the massive malware assault that paralyzed computer systems world-wide last week.
Just as North Korea boasted about the successful launch of a new missile it says can carry a “large” nuclear warhead, technology experts said they had found evidence buried deep in computer code that North Korean hackers could be behind the digital international threat, too.
Cyber security firms have found similarities between the tools used in this attack and those used in previous hacks blamed on North Korea.
The hacking tools were first developed by the National Security Agency but were stolen and leaked, and now they may have been used by a North Korean hacking group.
“In this case, there is a fragment of the technology that was associated with Lazarus,” Gregory Clark, CEO of cybersecurity firm Symantec, told CBS News.
“The Lazurus Group” is a hacker collective with ties to North Korea, and experts at Symantec and other companies say they found a portion of the group’s previous malware coding inside the “WannaCry” hacking program used in last week’s cyberattacks.
The discovery was made by a Google security researcher, Neel Mehta, who pointed it out in a cryptic tweet on Monday the parallel between an early version of the WannaCry tool used last week and code used by Lazurus in several years ago.
Lazarus was implicated in the 2014 hack of data from Sony Pictures — an apparent retaliation for Sony’s release of the film “The Interview,” which mocked North Korean leader Kim Jong Un.
Lazarus was also connected with last year’s theft of $81 million from a Bangladesh account at the Federal Reserve Bank in New York. U.S. officials blamed both hacks on North Korea.
This latest attack was more widespread, taking advantage of a known vulnerability in older Microsoft software to force the shut-down of hospitals and other businesses around the world by encrypting files to make them inaccessible until a ransom of $300 was paid.
While technology experts were able to contain this weekend’s attack, they warn the threat is not over.
“We are worried about the smart guys realizing what worked and what didn’t, and something else coming our way that might be a little better engineered,” Symantec’s Clark told CBS News.
So far, the cyberattack has infected some 300,000 computers in 150 countries.
Experts say it’s too early to blame last week’s attack on North Korean hackers, however, citing the possibility that other cybercriminals could have used the Lazarus malware and even included the identical portion of code as a false flag to implicate the isolated regime.
© 2017 CBS Interactive Inc. All Rights Reserved.