{
	"id": "87784d70-63fc-47fe-b1fe-9746412d0854",
	"created_at": "2026-04-06T00:21:59.249665Z",
	"updated_at": "2026-04-10T03:30:33.470604Z",
	"deleted_at": null,
	"sha1_hash": "b4574babaa68092c2e04fc6c8e3190b5a7aea87a",
	"title": "British security minister says North Korea was behind WannaCry hack on NHS | The Independent",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 43650,
	"plain_text": "British security minister says North Korea was behind WannaCry\r\nhack on NHS | The Independent\r\nBy Adam Withnall\r\nPublished: 2017-10-27 · Archived: 2026-04-05 17:52:18 UTC\r\nThe British government has admitted publicly for the first time that it is all but certain North Korea carried out the\r\n\"WannaCry\" malware attack which devastated NHS IT systems in May.\r\nA report released by the National Audit Office (NAO) on Friday found that hospital trusts were left vulnerable to\r\nthe attack because basic recommendations on cyber-security were not followed.\r\nSpeaking on the BBC's Today programme, the security minister Ben Wallace said the government now believes a\r\nNorth Korean hacking group was responsible, but stopped short of suggesting the UK could carry out retaliatory\r\nattacks.\r\n\"This attack, we believe quite strongly that this came from a foreign state,\" Mr Wallace said. Adding that the state\r\ninvolved was \"North Korea\", he said: \"We can be as sure as possible. I obviously can’t go into the detail of\r\nintelligence, but it is widely believed in the community and across a number of countries that North Korea had\r\ntaken this role.\"\r\nAsked what the UK could do in response to the attack, the minister admitted that it would be \"challenging\" to\r\narrest anyone when a \"hostile state\" was involved.\r\nHe called on the West to instead develop a \"doctrine of deterrent\" similar to that used to prevent the use of nuclear\r\nweapons. \"We do have a counter attack capability,\" he said. \"But let's remember we are an open liberal democracy\r\nwith a large reliance on IT systems. We will obviously have a different risk appetite. If you get into tit for tat there\r\nhas to be serious consideration of the risk we would expose UK citizens to.\"\r\nEarlier an independent investigation concluded that the cyber attack which crippled parts of the NHS could have\r\nbeen prevented if \"basic IT security\" measures had been taken.\r\nThe head of the NAO warned the health service and Department of Health to \"get their act together\" in the wake\r\nof the WannaCry crisis, or risk suffering a more sophisticated and damaging future attack.\r\nThe NAO's probe found that almost 19,500 medical appointments, including 139 potential cancer referrals, were\r\nestimated to have been cancelled, with five hospitals having to divert ambulances away after being locked out of\r\ncomputers on 12 May.\r\nThe malware is believed to have infected machines at 81 health trusts across England – a third of the 236 total,\r\nplus computers at almost 600 GP surgeries, the NAO found.\r\nhttp://www.independent.co.uk/news/uk/home-news/wannacry-malware-hack-nhs-report-cybercrime-north-korea-uk-ben-wallace-a8022491.html\r\nPage 1 of 2\n\nAll were running computer systems – the majority Windows 7 – that had not been updated to secure them against\r\nsuch attacks.\r\nMr Wallace accepted that the attack could have been avoided if software had been properly updated.\r\n\"It's a salient lesson for us all that all of us, from individuals to governments to large organisations, have a role to\r\nplay in maintaining the security of our networks,\" he said.\r\nBritish systems came under attack on a weekly basis from organised criminals and \"a number\" of foreign countries\r\nwhich seek to collect intelligence or carry out a \"state-sponsored criminal attack\".\r\nExpanding on the prospect of the UK fighting back back online, he said: \"Other countries do have doctrines and\r\nmilitary thinking along that line, but the West – the United States, Europe and the United Kingdom – are much\r\nmore thoughtful about these things because, ultimately, if we were to take some action, we have to remember that\r\nsome of these states may, as we have seen with this WannaCry, strike out at the rest of our functions.\"\r\nIn a report cataloguing the failures which led to May's attack, the NAO said that while the health service's IT arm\r\nNHS Digital had issued \"critical alerts\" about WannaCry in March and April, the DoH had \"no formal\r\nmechanism\" to determine whether local NHS organisations had taken any action.\r\nNAO head Sir Amyas Morse said: \"There are more sophisticated cyber threats out there than WannaCry so the\r\nDepartment (of Health) and the NHS need to get their act together to ensure the NHS is better protected against\r\nfuture attacks.\"\r\nMore than 300,000 computers in 150 countries were infected with the WannaCry ransomware.\r\nIt crippled organisations from government agencies and global companies by targeting computers with outdated\r\nsecurity.\r\nAdditional reporting by agencies\r\nSource: http://www.independent.co.uk/news/uk/home-news/wannacry-malware-hack-nhs-report-cybercrime-north-korea-uk-ben-wallace-a802\r\n2491.html\r\nhttp://www.independent.co.uk/news/uk/home-news/wannacry-malware-hack-nhs-report-cybercrime-north-korea-uk-ben-wallace-a8022491.html\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia",
		"ETDA"
	],
	"references": [
		"http://www.independent.co.uk/news/uk/home-news/wannacry-malware-hack-nhs-report-cybercrime-north-korea-uk-ben-wallace-a8022491.html"
	],
	"report_names": [
		"wannacry-malware-hack-nhs-report-cybercrime-north-korea-uk-ben-wallace-a8022491.html"
	],
	"threat_actors": [
		{
			"id": "75108fc1-7f6a-450e-b024-10284f3f62bb",
			"created_at": "2024-11-01T02:00:52.756877Z",
			"updated_at": "2026-04-10T02:00:05.273746Z",
			"deleted_at": null,
			"main_name": "Play",
			"aliases": null,
			"source_name": "MITRE:Play",
			"tools": [
				"Nltest",
				"AdFind",
				"PsExec",
				"Wevtutil",
				"Cobalt Strike",
				"Playcrypt",
				"Mimikatz"
			],
			"source_id": "MITRE",
			"reports": null
		}
	],
	"ts_created_at": 1775434919,
	"ts_updated_at": 1775791833,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/b4574babaa68092c2e04fc6c8e3190b5a7aea87a.pdf",
		"text": "https://archive.orkl.eu/b4574babaa68092c2e04fc6c8e3190b5a7aea87a.txt",
		"img": "https://archive.orkl.eu/b4574babaa68092c2e04fc6c8e3190b5a7aea87a.jpg"
	}
}