Earlier today, we reported that a White House staffer, Tom Bossert, claimed the U.S. believed North Korea to be behind the WannaCry attack which affected 300,000 computers in 150 countries; he made those commend in an Op-Ed in the Wall Street Journal. He has now reiterated that claim at a White House news conference and stated that Facebook and Microsoft are helping to mitigate attacks that the U.S. claims are coming from a North Korean-backed group dubbed Lazarus.
Bossert, at the news conference, said:
“Facebook took down accounts that stopped the operational execution of ongoing cyber attacks and Microsoft acted to patch existing attacks, not just the WannaCry attack initially.”
While Bossert did not provide any specifics on how the attacks were mitigated, both Facebook and Microsoft provided some insight into the actions that they took. Facebook said that it deleted several accounts last week which were associated with the Lazarus group.
Those behind the accounts had set up fake personal profiles in order to build relationships with potential targets. The social media giant informed those targeted individuals what had been going on. Facebook said its own actions made it harder for the group to "conduct their activities."
In a blog post, Brad Smith, President and Chief Legal Officer at Microsoft, said:
“Last week we helped disrupt the malware this group relies on, cleaned customers’ infected computers, disabled account being used to pursue cyberattacks and strengthened Windows defences to prevent reinfection. We took this action after consultation with several governments, but made the decision independently.”
Microsoft also noted that it was pleased to see the governments of the United States, United Kingdom, Australia, Canada, New Zealand, and Japan all announce that they believe North Korea is responsible for the activities of the Lazarus group and that today’s announcement represents an “important step” in governments and private businesses working together to make the internet safer.