The authors of the WannaCry malware, which infected computers in 150 countries two weeks ago, are probably from the southern mainland, Hong Kong, Taiwan or Singapore, according to Flashpoint, a US intelligence company.
Forensic linguistic analysis on the malware suggested it was written by native Chinese-speaking people with southern accents, said Flashpoint.
In a report on its website, Flashpoint, which provides global business-risk intelligence, said it came to the conclusion with “high confidence”. Earlier reports based on code analysis suggested North Korean programmers at work.
The WannaCry malware locked up data on infected computers and displayed a message in 28 languages demanding money for restoration of the data.
The hackers drafted the note in Chinese first, Flashpoint said. Based on the Chinese text, they manually wrote an English version, then converted that into other languages using Google’s translation software.
“A typo in the note, bang zu (幫組) instead of bang zhu (幫助), which means ‘help’, strongly indicates the note was written using a Chinese-language input system rather than being translated from a different version,” the report said.