May 30, 2017

U.S. intel firm finds Chinese traces in ransomware attack notes

Mark Schiefelbein / AP

U.S. intelligence firm Flashpoint claims with "high confidence" that the notes accompanying the ransomware attack were written by Chinese-speaking hackers from southern China, Hong Kong, Taiwan, or Singapore. The notes, sent out in 28 different languages, warned users they couldn't access their data unless they paid a ransom in an attack this month that hit 150 countries, called the WannaCry attack.

Why this matters: The group that launched the attack is suspected to be a North Korean hacker group. This either adds a hitch to that suspicion or means the North Koreans have gone to great lengths to cast doubt on their identity by forging Korean into Chinese.

The language analysis: Nearly all of the notes were translated using Google Translate, Flashpoint writes. Only three (the English notes and two different versions of Chinese notes) are likely to have been drafted by a human with knowledge of the language, but only the Chinese notes indicate they were written by someone with fluent knowledge of the language.

Two more snags to finding who is responsible for the attack:

  1. TheShadowBrokers, the group that enabled the hack by posting the loophole online, has emptied out its bitcoin account, worth $24,000, a surprising move since this could identify the group. However, the group distributed the bitcoins to multiple addresses to mask the transaction, disrupting chances of identification.
  2. Up next, the group has offered to distribute more hacking tools for about $24,000 and is accepting Zcash, another digital currency much like bitcoin, but which is much harder to track.

Go deeper

Coronavirus dashboard

Illustration: Aïda Amer/Axios

  1. Global: Total confirmed cases as of 7 p.m. ET: 1,414,738 — Total deaths: 81,259 — Total recoveries: 298,642Map.
  2. U.S.: Total confirmed cases as of 7 p.m. ET: 387,547 — Total deaths: 12,291 — Total recoveries: 20,395Map.
  3. Federal government latest: Acting Navy secretary resigns over handling of virus-infected ship — Trump removes watchdog overseeing rollout of $2 trillion coronavirus bill.
  4. Business latest: America's food heroes in times of the coronavirus crisis. Even when the economy comes back to life, huge questions for airlines will remain.
  5. World latest: China reopens Wuhan after 10-week coronavirus lockdown.
  6. Wisconsin primary in photos: Thousands gathered to cast ballots in-person during the height of the coronavirus crisis in the U.S.
  7. 1 Olympics thing: About 6,500 athletes who qualified for the Tokyo Games will keep their spots in 2021.
  8. What should I do? Pets, moving and personal healthAnswers about the virus from Axios expertsWhat to know about social distancingQ&A: Minimizing your coronavirus risk.
  9. Other resources: CDC on how to avoid the virus, what to do if you get it.

Subscribe to Mike Allen's Axios AM to follow our coronavirus coverage each morning from your inbox.

Airline industry braces for a forever-changed world

Illustration: Sarah Grillo/Axios

The airline industry got a $58 billion lifeline in the coronavirus federal aid package. But the path is unclear for these companies, whose operations and prospects will be forever changed by the global pandemic.

Why it matters: People may want to minimize travel for the foreseeable future. Investors, analysts and industry watchers are trying to determine how much airlines will need to spend — and how much more in lost revenue they'll see — while they adapt to the new reality.

Trump denies seeing Navarro memos warning about toll of coronavirus

President Trump said at a press briefing Tuesday that he "didn't see" memos from his trade adviser Peter Navarro warning in January and February that the coronavirus crisis could kill more than half a million Americans and cost close to $6 trillion.

Why it matters: Trump insisted that despite not seeing the memos, he did "more or less" what Navarro suggested by banning non-U.S. citizens from traveling from China effective Feb. 2.