IntrusionsInDepth

On May 12, 2017, a piece of code quietly executed somewhere in Asia and within hours had locked computers across 150 countries. WannaCry wasn't just a ransomware attack — it was the collision of an NSA cyber weapon, a mysterious group of leakers, a sanctioned rogue nation, and a 22-year-old malware analyst working from his bedroom. In this episode, explore the full WannaCry story — the technical execution, the geopolitical chain of custody, the chaos it caused, and the harder questions nobody fully answered: Should the NSA have disclosed the vulnerability? Was this North Korea's best effort or a mistake that escaped? And what does it mean when the most dangerous cyber weapon in history gets stopped by a $10 domain registration?

Call to Action:

• Subscribe to the podcast for more episodes on high-profile cyber intrusions.

• Visit our website at intrusionsindepth.com for additional stories and insights.

• Share your thoughts on social media using #IntrusionsInDepth.

Links and Resources:

• https://techspective.net/2017/09/26/wannacry-ransomware-detailed-analysis-attack/

• https://www.nksc.lt/doc/ENISA-WannaCry-v1.0.pdf

• https://www.elastic.co/blog/wcrywanacry-ransomware-technical-analysis

• https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/3681065/national-security-agency-announces-retirement-of-cybersecurity-director/

• https://en.wikipedia.org/wiki/WannaCry_ransomware_attack

• https://en.wikipedia.org/wiki/Tailored_Access_Operations

• https://en.wikipedia.org/wiki/Michael_Hayden_(general)

• https://upload.wikimedia.org/wikipedia/commons/7/7d/ARN30043-ATP_7-100.2-000-WEB-2_-_North_Korean_Tactics_%28July_2020%29.pdf

• https://commons.wikimedia.org/wiki/File:ARN30043-ATP_7-100.2-000-WEB-2_-_North_Korean_Tactics_(July_2020).pdf

• https://www.securityweek.com/us-army-report-describes-north-koreas-cyber-warfare-capabilities/

• https://www.cs2ai.org/post/u-s-army-report-describes-north-korea-s-cyber-warfare-capabilities

• https://cloud.google.com/blog/topics/threat-intelligence/mapping-dprk-groups-to-government

• https://www.cloudflare.com/learning/security/ransomware/wannacry-ransomware/

• https://www.darkreading.com/cyberattacks-data-breaches/three-years-after-wannacry-ransomware-accelerating-while-patching-still-problematic

• https://www.bankinfosecurity.com/blogs/wannacrys-ransom-note-great-in-chinese-poor-in-korean-p-2481

• https://trumpwhitehouse.archives.gov/briefings-statements/press-briefing-on-the-attribution-of-the-wannacry-malware-attack-to-north-korea-121917/

• https://securelist.com/wannacry-and-lazarus-group-the-missing-link/78431/

• https://www.wired.com/story/confessions-marcus-hutchins-hacker-who-saved-the-internet/

• https://en.wikipedia.org/wiki/WannaCry_ransomware_attack

• https://cloud.google.com/blog/topics/threat-intelligence/mapping-dprk-groups-to-government

• https://cloud.google.com/blog/topics/threat-intelligence/north-korea-cyber-structure-alignment-2023/

• https://www.wired.com/story/confessions-marcus-hutchins-hacker-who-saved-the-internet/

• https://darknetdiaries.com/transcript/158/

• https://www.britannica.com/biography/Kim-Yo-Jong

• https://thediplomat.com/2026/02/why-kim-ju-aes-path-to-power-is-structurally-blocked/

• https://www.tripwire.com/state-of-security/malwaretech-wannacry-kronos-understanding-connections

Books:

• The Psychology of Totalitarianism by Mattias Desmet

• The Lazarus Heist by Geoff White

• Fancy Bear Goes Phishing: The Dark History of the Information Age, in Five Extraordinary Hacks by Scott J. Shapiro

• Host: Josh Stepp

• Produced by: Josh Stepp

Thank you for tuning in to IntrusionsinDepth. Stay informed, stay safe, and see you in the next episode!