Microsoft acted to stop North Korean cyber threats, U.S. government says

Microsoft Logo at Ignite
Microsoft Logo at Ignite (Image credit: Windows Central)

White House homeland security advisor Tom Bossert says that Microsoft and Facebook helped to deter recent cyber attacks by North Korea. According to a Reuters report, Bossert confirmed Microsoft acted "to disable a number of North Korean cyber actions" last week, but no details were provided.

This comes just as the U.S. government publicly attributed May's WannaCry attack to North Korea for the first time. In a Wall Street Journal op-ed, Bossert says that the government's findings largely line up with those of Microsoft and others. Bossert also calls on businesses and governments to cooperate to stop attacks like WannaCry:

Stopping malicious behavior like this starts with accountability. It also requires governments and businesses to cooperate to mitigate cyber risk and increase the cost to hackers. The U.S. must lead this effort, rallying allies and responsible tech companies throughout the free world to increase the security and resilience of the internet.

Sophisticated cyber attacks, and ransomware, in particular, have come into sharp focus this year due to a number of widespread attacks. WannaCry was the first to gain attention, but further attacks, ranging from Petya to Bad Rabbit, stoked unease as well.

Though Bossert has called for cooperation in stopping these attacks, Microsoft has been critical of governments for stockpiling software vulnerabilities. The exploit that WannaCry took advantage of, for example, is largely believed to have originated with the National Security Agency (NSA).

Updated December 19, 2017: Microsoft has now commented on the matter, clarifying that it independently chose to take action last week to counteract a group called ZINC, otherwise known as Lazarus Group. From Microsoft:

Last week Microsoft, working together with Facebook and others in the security community, took strong steps to protect our customers and the internet from ongoing attacks by an advanced persistent threat actor known to us as ZINC, also known as the Lazarus Group. We concluded that this threat actor was responsible for WannaCry, a destructive attack in May that targeted Microsoft customers. Among other steps, last week we helped disrupt the malware this group relies on, cleaned customers' infected computers, disabled accounts being used to pursue cyberattacks and strengthened Windows defenses to prevent reinfection. We took this action after consultation with several governments, but made the decision independently.

Dan Thorp-Lancaster

Dan Thorp-Lancaster is the former Editor-in-Chief of Windows Central. He began working with Windows Central, Android Central, and iMore as a news writer in 2014 and is obsessed with tech of all sorts. You can follow Dan on Twitter @DthorpL and Instagram @heyitsdtl