It’s a mystery, member of the Lurk gang admits creation of WannaCry ransomware for intelligence agencies

Pierluigi Paganini December 30, 2017

A hacker belonging to the Lurk cybercrime gang admits the creation of WannaCry ransomware and DNC hack on request of intelligence agencies.

In an interview to Dozhd TV channel, one of the members of the Lurk crime group arrested in the Russian city of Ekaterinburg, Konstantin Kozlovsky, told that he was one of the authors of the dreaded WannaCry ransomware and that the job was commissioned by intelligence agencies.

kozlovskii_ wannacry

The Lurk cybercrime gang was known in the criminal ecosystem because it developed, maintained and rent the infamous Angler Exploit Kit. A joint investigation conducted by the Russian Police and the Kaspersky Lab allowed the identification of the individuals behind the Lurk malware. The members of the Lurk cybercrime crew were arrested by Russian law enforcement in the summer of 2016.

Law enforcement arrested the suspects in June, authorities accused them of stealing around $45 million USD from Russian financial institutions by using the Lurk banking trojan.

According to the Cisco Talos researchers, after the arrests of the individuals behind the Lurk banking trojan, it has been observed a rapid disappearance of the Angler EK in the wild.

According to Kozlovsky, WannaCry was developed to target corporate networks and rapidly spread by infecting the larger number of machines. The intent was to paralyze the activities of the target organization with just ‘one button.’

“The virus was tested on computers of the Samolet Development company which is engaged in construction of housing in Moscow area. Also hackers planned to hack a network of Novolipetsk Steel and to try to stop its blast furnaces.” reported the Russian Website


Konstantin Kozlovsky, that is now being held in a pre-trial detention center, already admitted to have worked for intelligence agencies.

Earlier the hacker told that cracked servers of the Democratic party of the USA and e-mail of Hillary Clinton for the Russian Intelligence Agency FSB.

Kozlovsky explained that the actions were coordinated by Dmitry Dokuchaev from the Center of Information Security of the FSB. Dmitry Dokuchaev is one of the two Russian intelligence officers (Dmitry Dokuchaev and Igor Sushchin) charged in March by the US Justice Department along with hackers Alexsey Belan and Karim Baratov for breaking into Yahoo servers in 2014.

Dokuchaev through his lawyer denied knowing Kozlovsky.

The Kozlovsky’s story is quite strange, he is currently under the custody of Russian authorities and anyway continues to accuse the FSB also of other hacks. Is this a new disinformation campaign? Who and why is orchestraing it?

In December, the US Government attributes the massive attack Wannacry to North Korea.

The news of the attribution was first reported by The Wall Street Journal,  according to the US Government, the WannaCry attack infected millions of computers worldwide in May is an act of Information Warfare.

WannaCry infected 200,000 computers across 150 countries in a matter of hours, it took advantage of a tool named “Eternal Blue”, originally created by the NSA, which exploited a vulnerability present inside the earlier versions of Microsoft Windows. This tool was soon stolen by a hacking group named “Shadow Brokers” which leaked it to the world in April 2017.

wannacry ransomware medical devices

WannaCry ransomware on a Bayer radiology system – Source Forbes

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Lurk cybercrime gang, WannaCry)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment