Facebook and Microsoft have teamed up to crack down on the hacking group believed to be behind a ransomware attack that spread around the world in May.
Last week, the two companies collaborated with other unnamed members of the security community to take action against the group, the companies and a White House official said on Tuesday. The group, known as ZINC or Lazarus, has been tied to ongoing cyber threats, including the WannaCry ransomware attack that targeted hospitals, businesses and banks in the spring.
The announcement came the same day the U.S. government officially accused North Korea of being behind the WannaCry attack. In a Wall Street Journal op-ed, Homeland Security Adviser Tom Bossert said “after careful investigation” the U.S. was publicly placing blame on North Korea for the attack. Bossert said it was “based on evidence” but did not offer more details.
The governments of the United Kingdom, Australia, Canada, New Zealand and Japan also announced that they believed North Korea was behind the attack.
Though Facebook and Microsoft did not directly attribute the attack to North Korea, Microsoft president Brad Smith in a blog post said the company was “pleased to see these governments making this strong statement of attribution.”
“If the rising tide of nation-state attacks on civilians is to be stopped, governments must be prepared to call out the countries that launch them. Today’s announcement represents an important step in government and private sector action to make the internet safer,” he wrote.
Microsoft said it cleaned its customers’ infected computers and took down accounts that Lazarus was using to “pursue cyberattacks.” It also beefed-up Windows security to prevent the malware from infecting computers again.
Facebook also deleted profiles operated by the group. Hackers used fake social media profiles to pose as other people and connect with potential targets, Facebook said in a post. It also reached out to people who had inadvertently connected to the suspicious accounts. It gave them advice on how to improve their security.
Facebook said while it was targeting the same group, its actions weren’t focused on WannaCry. The companies did approach the U.S. government recently to inform it of their findings.
“Facebook has a long-standing commitment to security, and we continue to invest in efforts to protect people from cyber threats and keep our platform safe,” said a Facebook spokesperson in a statement. “We will continue to work closely with companies to investigate and counteract these types of threats to our collective security.”
The malware locks down infected computers and demanded a ransom from the user. If the amount was not paid, their data would be deleted. The May attack impacted vital computer systems in 150 countries, including the Britain’s health system.
The spread of the virus was halted by British malware researcher Marcus Hutchins, who discovered a kill-switch for the attack. He is currently awaiting trial in the U.S. on charges of allegedly conspiring to distribute unrelated malware.