The recent WannaCry ransomware attack that used hacked National Security Agency tools has touched off a round of speculation (fueled in part by vendors of cyber defense products) that seeks to blame the attack on North Korea.
Not so fast, counters a Washington-based think tank that cautions there is so far little evidence to support assertions of a state-sponsored attack. Moreover, the Institute for Critical Infrastructure Technology (ICIT) warns that unsubstantiated reports of North Korean sponsorship serves as a distraction from the overriding issue: The "underlying weaknesses in cyber security culture and critical infrastructure systems that enabled the May 12, 2017 WannaCry attack to succeed in the first place."
A growing consensus points to the Lazarus Group, considered a sophisticated, self-sufficient cyber-criminal collective or a splinter group, as a likely source of the WannaCry attack. The group has previously targeted military organizations, banks and manufacturers in China, India, Russia, South Korea, Turkey and the U.S.