誰是橫掃全球計算機的勒索病毒WannaCry的幕后黑手？對此我們并不確定，但是一位網絡安全研究人員發現了指向罪魁禍首——朝鮮黑客集團拉撒路集團（Lazarus Group）——的證據。

這場始于上周五的互聯網瘟疫，與利用微軟公司（Microsoft）舊版軟件漏洞的黑客有關，其目的是鎖定計算機，包括企業和英國國家衛生署的計算機，繼而索要解鎖計算機的贖金。

本周一，谷歌公司（Google）的網絡安全研究人員奈耳·梅赫塔在推文中發布了本次勒索病毒攻擊使用的代碼，而在2015年發生的一次計算機攻擊中，也使用了這些代碼。2015年發生的那場計算機攻擊與拉撒路集團有關，所以代碼的重新使用，或許成為拉撒路集團是此次勒索病毒幕后黑手的線索。

拉撒路集團對一系列針對中央銀行的網絡劫案負責。據報道，拉撒路集團是朝鮮的軍事機構，通過犯罪為其網絡戰斗行動提供資金。本次勒索病毒攻擊顯示出的不道德的特征，與拉撒路集團此前的行為特征一致。

但是，梅赫塔在推文中發布的計算機代碼，與朝鮮作為此次勒索病毒母后黑手的確鑿證據相去甚遠——有很多原因能讓這一結論站不住腳（包括黑客定期借用惡意計算機代碼這一事實）。

但是，梅赫塔的發現引起眾多著名網絡安全研究人員的高度關注，他們紛紛加入Twitter上的辯論。

在此看到共享的代碼，是非常有趣的。https://t.co/CVnCEnzcvd

- 肖恩·亨特利（@ShaneHuntley）2017年5月15日

對于關注#Wannacry/#wannacrypt的每個人來說，@neelmehta提供了連線。https://t.co/UQwWd04KWx

- 摩根·馬奎斯-布瓦爾（@headhntr）2017年5月15日

與此同時，一位Twitter用戶提出了一種觀點，稱朝鮮莫名其妙搞砸了這次計算機攻擊，或許揭示了以下事實：英國網絡安全研究人員能觸發所謂的“kill switch（殺戮開關）”機制，阻止了部分勒索病毒攻擊，這在一定程度上限制了病毒攻擊的附帶結果。

好吧，我相信這種觀點。接受過俄羅斯培訓的朝鮮人企圖通過搞砸這次計算機攻擊賺錢https://t.co/mTqsSHoWpt

- davi （（（????）））德海 （@daviottenheimer）2017年5月15日

同時，安全媒體CyberScoop報道稱，著名的網絡安全公司卡巴斯基實驗室（Kaspersky Labs）的研究人員發布了博客貼子，對拉撒路集團與此次勒索病毒攻擊有關的觀點表示支持。

這篇博客貼子指出，“我們認為，這可能是解開此次計算機攻擊部分秘密的關鍵所在。有一件事是肯定的，奈爾·梅赫塔的發現是迄今為止關于Wannacry起源的最重要線索?！?

此外，對于梅赫塔的發現是此次計算機攻擊幕后黑手設計的“虛假旗幟”，從而錯誤地歸罪于朝鮮，卡巴斯基實驗室對這一觀點表示反對。

不愿透露姓名的美國和歐洲網絡安全官員對路透社表示，現在說誰是幕后黑手還為時過早，但也未排除朝鮮就是“嫌疑人”。（財富中文網）

譯者：劉進龍/汪皓

Who's behind the ransomware known as WannaCry that is wrecking havoc on computers around the world? We don't know for sure, but a security researcher has found a piece of evidence that points to a culprit: a North Korean operation known as the Lazarus Group.

The online epidemic, which began on Friday, involves hackers exploiting a flaw in older versions of Microsoft software in order to lock the computers—including those of companies and the U.K. health service—and demanding payment to unlock them.

On Monday, Google security researcher Neel Mehta tweeted lines of code from the current ransomware attack that had also been used in a separate 2015 attack. The earlier attack has been tied to the Lazarus Group, so the reuse of the code is a possible clue that the group is also behind the ransom.

The Lazarus Group, which is responsible for a series of online heists targeting central banks, is believed to be a North Korea military outfit that funds its cyber warfare operations through crime. The wanton character of the current ransomware attacks would be consistent with previous behavior by the Lazarus Group.

The computer code tweeted by Mehta, however, is far from definitive evidence North Korea is responsible for the ransomware. There are numerous reasons (including the fact hackers regularly borrow malicious computer code) to avoid drawing firm conclusions.

Nonetheless, Mehta's discovery is getting serious attention from top security researchers, who are weighing in on Twitter:

Very interesting seeing shared code here. https://t.co/CVnCEnzcvd

- Shane Huntley (@ShaneHuntley) May 15, 2017

For everyone following #Wanacry / #wannacrypt, @neelmehta has provided a join the dots. https://t.co/UQwWd04KWx

- Morgan Marquis-Boire (@headhntr) May 15, 2017

Meanwhile, one Twitter user floated a theory that the North Koreans had somehow fouled up the attack—possibly referring to the fact that a U.K. security researcher was able to trigger a so-called "kill switch" that shut down part of the ransomware attacks, partially limiting the fallout.

ok, i'll buy this theory. Russian-trained North Koreans attempting to actually make money when they screwed up https://t.co/mTqsSHoWpt

Meanwhile, as reported by CyberScoop, researchers at Kaspersky Labs—a highly regarded security firm—published a blog post supporting the theory that Lazarus Group could be tied to the ransomware attacks.

"We believe this might hold the key to solve some of the mysteries around this attack. One thing is for sure — Neel Mehta’s discovery is the most significant clue to date regarding the origins of Wannacry," said the blog post.

Kaspersky Labs also rejected the idea that Mehta's discovery was a "false flag" planted by the perpetrator of the attacks in order to wrongly incriminate North Korea.

U.S. and European security officials told Reuters on condition of anonymity that it was still too early to say who might be behind the attacks, but they did not rule out North Korea as a suspect.