"THE INSTITUDE FOR CRITICAL INFRASTRUCTURE TECHNOLOGY (ICIT) * has blasted Symantec's claims that North Korea was beind the WannaCry ransomware as "premature, inconclusive and distracting. The Inquirer Quoting from a statement by James Scott, Sr. Fellow, ICIT: 'Lazarus itself has never been definitively proven to be a North Korean state-sponsored advanced persistent threat;...an abundance of evidence suggests that the Lazarus Group may be a sophisticated, well-resourced, and expansive cyber-criminal and occasional cyber-mercenary collective.... ...[T]he speed with which the ransomware took hold - raising its profile and, therefore, victims' reluctance to pay-up, as well as piquing the interest of law enforcement worldwide - combined with a series of coding shortcomings that made it easy to defeat, indicate that WannaCry wasn't the work of the most technically accomplished of malware writers... At best, WannaCry either borrowed heavily from outdated Lazarus code and failed to change elements, such as calls to command and control servers, or WannaCry was a side campaign of a minuscule subcontractor or group within the massive cyber-criminal Lazarus advanced persistent threat,.. criticised Symantec's methodology, which only monitored a 'small number of targeted WannaCry 1.0 attacks in February, March and April 2017'.. In addition, Scott claims that while Symantec highlighted some of the tools used in WannaCry associated with Lazarus, it ignored other tools used that weren't..." "https://www.theinquirer.net/inquire...nd-wannacry-ransomware-blasted-as-distracting *ICIT: http://icitech.org/ ICIT/Scott Statement: http://icitech.org/theres-proof-tha...ure-inconclusive-and-distracting-attribution/