Skip to main content

Microsoft acted to stop North Korean cyber threats, U.S. government says

Microsoft Logo at Ignite
Microsoft Logo at Ignite (Image credit: Windows Central)

White House homeland security advisor Tom Bossert says that Microsoft and Facebook helped to deter recent cyber attacks by North Korea. According to a Reuters report, Bossert confirmed Microsoft acted "to disable a number of North Korean cyber actions" last week, but no details were provided.

This comes just as the U.S. government publicly attributed May's WannaCry attack to North Korea for the first time. In a Wall Street Journal op-ed, Bossert says that the government's findings largely line up with those of Microsoft and others. Bossert also calls on businesses and governments to cooperate to stop attacks like WannaCry:

Stopping malicious behavior like this starts with accountability. It also requires governments and businesses to cooperate to mitigate cyber risk and increase the cost to hackers. The U.S. must lead this effort, rallying allies and responsible tech companies throughout the free world to increase the security and resilience of the internet.

Sophisticated cyber attacks, and ransomware, in particular, have come into sharp focus this year due to a number of widespread attacks. WannaCry was the first to gain attention, but further attacks, ranging from Petya to Bad Rabbit, stoked unease as well.

Though Bossert has called for cooperation in stopping these attacks, Microsoft has been critical of governments for stockpiling software vulnerabilities. The exploit that WannaCry took advantage of, for example, is largely believed to have originated with the National Security Agency (NSA).

Updated December 19, 2017: Microsoft has now commented on the matter, clarifying that it independently chose to take action last week to counteract a group called ZINC, otherwise known as Lazarus Group. From Microsoft:

Last week Microsoft, working together with Facebook and others in the security community, took strong steps to protect our customers and the internet from ongoing attacks by an advanced persistent threat actor known to us as ZINC, also known as the Lazarus Group. We concluded that this threat actor was responsible for WannaCry, a destructive attack in May that targeted Microsoft customers. Among other steps, last week we helped disrupt the malware this group relies on, cleaned customers' infected computers, disabled accounts being used to pursue cyberattacks and strengthened Windows defenses to prevent reinfection. We took this action after consultation with several governments, but made the decision independently.

Dan Thorp-Lancaster is the Editor in Chief for Windows Central. He began working with Windows Central as a news writer in 2014 and is obsessed with tech of all sorts. You can follow Dan on Twitter @DthorpL and Instagram @heyitsdtl. Got a hot tip? Send it to daniel.thorp-lancaster@futurenet.com.

8 Comments
  • These are the security vulnerabilities that are publically known and some say they feel secure browsing the web without a firewall and anti virus software LOL.
  • Oops, government just woke up and realized that they forgot to blame north Korea for the wannacry since May! I guess UK reminded them since they already have done it a few months ago...
  • Originated from the NSA......
  • USA develops a virus, let it spread outside their control by mistake (or so they say), someone else (or so they say) uses it to attack everybody, so that they can blame it on communists and start a war to control rare metals their industry needs that are available in north-korea's undergrounds... Why does this scheme feel familiar?
  • WikiLeaks Vault7 has shown us the CIA posess tools to obfuscate their efforts with any other nation actor's fingerprints. Def not DPRK. Good job on tech companies for participating in the mass delusion!
  • How do we know whether this is true or whether it is propaganda to get us to hate North Korea prior to a war?
  • As long as your skepticism of the government means you favor smaller government in general, have at it. What I don't understand are the people who don't trust government in areas like this, but are content with increasing government involvement in the Internet through anti-market policies like the poorly named "Net Neutrality." For my part, if I had to choose between the government spending $1B to defend against terrorism (cyber and otherwise) versus spending $1B to intrude into our private lives or provide services that could come from the private sector for able-bodied people (e.g., health care and other tax-and-redistribute programs), I'd much prefer the former, because defending its people so we can get on with our lives is pretty much job #1 for the federal government and the other just takes away our capitalism-generated freedom in thte name of providing services. In the meantime, I'm glad that Microsoft did something here to help.
  • Thanks to everyone that helped!!! We all have to work together for a better FUTURE. Peace and Love!!!!!!!!!!!!!!!!!! Pass it on!