Tech Giants Take Steps to Disrupt Lazarus Group

Microsoft and Facebook have joined other members of the security community in taking steps to disrupt the ongoing operations of the infamous North Korean Lazarus Group, now officially blamed for WannaCry.

The two tech giants released separate statements earlier this week briefly detailing actions they took last week to make life difficult for the notorious cybercrime group, also known as ZINC.

Facebook said it deleted accounts linked to the group, in a bid to make it harder for its threat actors to conduct their activities.

It added:

“Similar to other threat groups, they largely used personal profiles and pretended to be other people in order to do things like learning about others and building relationships with potential targets. Our actions were not focused on the WannaCry malware itself.

We also notified people who may have been in contact with these accounts and gave suggestions to enhance their account security, as we have done in the past about other threat groups. We will continue to work closely with companies to investigate and counteract these types of threats to our collective security.”

Unlike the social network, Microsoft’s work last week appears to have been more focused on the malware side.

“Among other steps, last week we helped disrupt the malware this group relies on, cleaned customers’ infected computers, disabled accounts being used to pursue cyberattacks and strengthened Windows defenses to prevent reinfection,” explained Microsoft president Brad Smith.

“We took this action after consultation with several governments, but made the decision independently.”

The news comes as the White House officially blamed North Korea this week for the ransomware attack that caused widespread chaos around the world in May, infecting hundreds of thousands of endpoints in 150 countries and forcing the cancellation of an estimated 19,000 NHS operations and appointments.

Although some have criticized the US government for failing to reveal any evidence to support the claims, the news was welcomed by Smith.

“We are pleased to see these governments making this strong statement of attribution. If the rising tide of nation-state attacks on civilians is to be stopped, governments must be prepared to call out the countries that launch them,” he said. “Today’s announcement represents an important step in government and private sector action to make the internet safer.”
