Earlier today we reported on Microsoft and Facebook stopping cyber attacks here in the US last week. Microsoft has since gone on to expand on this, detailing the steps taken to prevent further cyber attacks from North Korea.
Microsoft is saying the attacks were lead by "ZINC," otherwise known as the Lazarus Group, which was also responsible for WannaCry. The company says it disrupted the malware the group relies on, cleaned up customer's infected computers, and disabled accounts being used to pursue cyberattacks. Microsoft consulted with several governments to take these actions, but made the decision independently, and says it even "strengthened Windows defenses" as part of the process to prevent infection.
Last week Microsoft, working together with Facebook and others in the security community, took strong steps to protect our customers and the internet from ongoing attacks by an advanced persistent threat actor known to us as ZINC, also known as the Lazarus Group. We concluded that this threat actor was responsible for WannaCry, a destructive attack in May that targeted Microsoft customers.
The Redmond giant announced it is also pleased with the US, UK, Australia, Canada, New Zealand, and Japan for announcing that North Korea is responsible for the activities of ZINC/Lazarus. The company also felt welcomed to work with Facebook on this issue and finds that it is " essential that we act with shared responsibility to strengthen further the partnerships with the security community and governments to combat cyberattacks against civilians."