The Trump administration now has officially confirmed what security researchers worldwide have believed all along: that North Korea was behind the massive WannaCry ransomware attacks earlier this year.
Trump's homeland security adviser Thomas Bossert yesterday wrote in an op-ed piece in The Wall Street Journal that North Korea "is directly responsible" for the attack that infected hundreds of thousands of Windows machines in some 150 countries.
"The attack was widespread and cost billions, and North Korea is directly responsible," Bossert wrote in the editorial.
"We do not make this allegation lightly. It is based on evidence. We are not alone with our findings, either. Other governments and private companies agree. The United Kingdom attributes the attack to North Korea, and Microsoft traced the attack to cyber affiliates of the North Korean government," he wrote.
Security researchers from Google, Kaspersky Lab, and Symantec, were the first to see a connection between the code used in WannaCry with that of a nation-state attack group thought to be out of North Korea, the so-called Lazarus Group. Several other security research teams later confirmed similar findings, and The Washington Post in June reported that the National Security Agency also was confident that Pyongyang executed the attack.
NSA officials reportedly found tactics and techniques in the attack that match those of Reconnaissance General Bureau, the North Korean intelligence agency. US intel officials concluded that hackers sponsored by the North Korean government wrote two versions of WannaCry.
WannaCry spread via a previously unknown flaw in Microsoft's Windows software discovered by the NSA and used by the agency to construct its own hacking tool. That tool and others went public after a data breach at the NSA and the online dump of the tools by Shadow Brokers, a mysterious group that later tried to sell the tools.