Date of report
- June 2017
Affiliations
- Believed to be the work of the Lazarus Group.
A threat actor used a tool called WannaCry to encrypt data in compromised networks, and intended to provide the victims with the decryption key only after a ransom had been paid. The threat actors used an exploit, called EternalBlue--first discovered by the U.S. National Security Agency--to propagate WannaCry in organizations using the Windows operating system. On December 19, 2017, the United States, Australia, Canada, Japan, and the United Kingdom issued statements accusing North Korea of being responsible for WannaCry.
In September 2018, the U.S. Department of Justice announced criminal charges alleging that North Korean entities were responsible for this incident.
Suspected victims
- FedEx
- Deutsche Bahn
- Renault
- UK National Health Service
- PetroChina
- Nissan
- Telefonica
- Hitachi
- Sberbank
Suspected state sponsor
- Korea (Democratic People's Republic of)
Type of incident
- Data destruction
Target category
- Private sector
- Government