誰是橫掃全球計(jì)算機(jī)的勒索病毒W(wǎng)annaCry的幕后黑手？對此我們并不確定，但是一位網(wǎng)絡(luò)安全研究人員發(fā)現(xiàn)了指向罪魁禍?zhǔn)住r黑客集團(tuán)拉撒路集團(tuán)（Lazarus Group）——的證據(jù)。

這場始于上周五的互聯(lián)網(wǎng)瘟疫，與利用微軟公司（Microsoft）舊版軟件漏洞的黑客有關(guān)，其目的是鎖定計(jì)算機(jī)，包括企業(yè)和英國國家衛(wèi)生署的計(jì)算機(jī)，繼而索要解鎖計(jì)算機(jī)的贖金。

本周一，谷歌公司（Google）的網(wǎng)絡(luò)安全研究人員奈耳·梅赫塔在推文中發(fā)布了本次勒索病毒攻擊使用的代碼，而在2015年發(fā)生的一次計(jì)算機(jī)攻擊中，也使用了這些代碼。2015年發(fā)生的那場計(jì)算機(jī)攻擊與拉撒路集團(tuán)有關(guān)，所以代碼的重新使用，或許成為拉撒路集團(tuán)是此次勒索病毒幕后黑手的線索。

拉撒路集團(tuán)對一系列針對中央銀行的網(wǎng)絡(luò)劫案負(fù)責(zé)。據(jù)報(bào)道，拉撒路集團(tuán)是朝鮮的軍事機(jī)構(gòu)，通過犯罪為其網(wǎng)絡(luò)戰(zhàn)斗行動提供資金。本次勒索病毒攻擊顯示出的不道德的特征，與拉撒路集團(tuán)此前的行為特征一致。

但是，梅赫塔在推文中發(fā)布的計(jì)算機(jī)代碼，與朝鮮作為此次勒索病毒母后黑手的確鑿證據(jù)相去甚遠(yuǎn)——有很多原因能讓這一結(jié)論站不住腳（包括黑客定期借用惡意計(jì)算機(jī)代碼這一事實(shí)）。

但是，梅赫塔的發(fā)現(xiàn)引起眾多著名網(wǎng)絡(luò)安全研究人員的高度關(guān)注，他們紛紛加入Twitter上的辯論。

在此看到共享的代碼，是非常有趣的。https://t.co/CVnCEnzcvd

- 肖恩·亨特利（@ShaneHuntley）2017年5月15日

對于關(guān)注#Wannacry/#wannacrypt的每個人來說，@neelmehta提供了連線。https://t.co/UQwWd04KWx

- 摩根·馬奎斯-布瓦爾（@headhntr）2017年5月15日

與此同時，一位Twitter用戶提出了一種觀點(diǎn)，稱朝鮮莫名其妙搞砸了這次計(jì)算機(jī)攻擊，或許揭示了以下事實(shí)：英國網(wǎng)絡(luò)安全研究人員能觸發(fā)所謂的“kill switch（殺戮開關(guān)）”機(jī)制，阻止了部分勒索病毒攻擊，這在一定程度上限制了病毒攻擊的附帶結(jié)果。

好吧，我相信這種觀點(diǎn)。接受過俄羅斯培訓(xùn)的朝鮮人企圖通過搞砸這次計(jì)算機(jī)攻擊賺錢https://t.co/mTqsSHoWpt

- davi （（（????）））德海 （@daviottenheimer）2017年5月15日

同時，安全媒體CyberScoop報(bào)道稱，著名的網(wǎng)絡(luò)安全公司卡巴斯基實(shí)驗(yàn)室（Kaspersky Labs）的研究人員發(fā)布了博客貼子，對拉撒路集團(tuán)與此次勒索病毒攻擊有關(guān)的觀點(diǎn)表示支持。

這篇博客貼子指出，“我們認(rèn)為，這可能是解開此次計(jì)算機(jī)攻擊部分秘密的關(guān)鍵所在。有一件事是肯定的，奈爾·梅赫塔的發(fā)現(xiàn)是迄今為止關(guān)于Wannacry起源的最重要線索?！?

此外，對于梅赫塔的發(fā)現(xiàn)是此次計(jì)算機(jī)攻擊幕后黑手設(shè)計(jì)的“虛假旗幟”，從而錯誤地歸罪于朝鮮，卡巴斯基實(shí)驗(yàn)室對這一觀點(diǎn)表示反對。

不愿透露姓名的美國和歐洲網(wǎng)絡(luò)安全官員對路透社表示，現(xiàn)在說誰是幕后黑手還為時過早，但也未排除朝鮮就是“嫌疑人”。（財(cái)富中文網(wǎng)）

譯者：劉進(jìn)龍/汪皓

Who's behind the ransomware known as WannaCry that is wrecking havoc on computers around the world? We don't know for sure, but a security researcher has found a piece of evidence that points to a culprit: a North Korean operation known as the Lazarus Group.

The online epidemic, which began on Friday, involves hackers exploiting a flaw in older versions of Microsoft software in order to lock the computers—including those of companies and the U.K. health service—and demanding payment to unlock them.

On Monday, Google security researcher Neel Mehta tweeted lines of code from the current ransomware attack that had also been used in a separate 2015 attack. The earlier attack has been tied to the Lazarus Group, so the reuse of the code is a possible clue that the group is also behind the ransom.

The Lazarus Group, which is responsible for a series of online heists targeting central banks, is believed to be a North Korea military outfit that funds its cyber warfare operations through crime. The wanton character of the current ransomware attacks would be consistent with previous behavior by the Lazarus Group.

The computer code tweeted by Mehta, however, is far from definitive evidence North Korea is responsible for the ransomware. There are numerous reasons (including the fact hackers regularly borrow malicious computer code) to avoid drawing firm conclusions.

Nonetheless, Mehta's discovery is getting serious attention from top security researchers, who are weighing in on Twitter:

Very interesting seeing shared code here. https://t.co/CVnCEnzcvd

- Shane Huntley (@ShaneHuntley) May 15, 2017

For everyone following #Wanacry / #wannacrypt, @neelmehta has provided a join the dots. https://t.co/UQwWd04KWx

- Morgan Marquis-Boire (@headhntr) May 15, 2017

Meanwhile, one Twitter user floated a theory that the North Koreans had somehow fouled up the attack—possibly referring to the fact that a U.K. security researcher was able to trigger a so-called "kill switch" that shut down part of the ransomware attacks, partially limiting the fallout.

ok, i'll buy this theory. Russian-trained North Koreans attempting to actually make money when they screwed up https://t.co/mTqsSHoWpt

Meanwhile, as reported by CyberScoop, researchers at Kaspersky Labs—a highly regarded security firm—published a blog post supporting the theory that Lazarus Group could be tied to the ransomware attacks.

"We believe this might hold the key to solve some of the mysteries around this attack. One thing is for sure — Neel Mehta’s discovery is the most significant clue to date regarding the origins of Wannacry," said the blog post.

Kaspersky Labs also rejected the idea that Mehta's discovery was a "false flag" planted by the perpetrator of the attacks in order to wrongly incriminate North Korea.

U.S. and European security officials told Reuters on condition of anonymity that it was still too early to say who might be behind the attacks, but they did not rule out North Korea as a suspect.