If you ask the White House, North Korea's WannaCry attack was just the tip of the iceberg. Homeland security adviser Tom Bossert reported that Facebook and Microsoft disabled a range of North Korean online threats in the past week. Facebook removed accounts and "stopped the operational execution" of ongoing attacks, while Microsoft patched existing attacks that went beyond WannaCry. Details of just what those attacks were aren't available.
Facebook has confirmed its role. A spokesman told Reuters that it had deleted accounts associated with the Lazarus Group, the hacking team associated with WannaCry and other campaigns, and had notified users who'd had contact with those accounts. It recommended additional security measures in case they might be victims. Microsoft didn't initially comment on Bossert's statements.
Without more targeted accusations or political actions, the revelations don't accomplish much more than fueling the administration's existing arguments that North Korea is running out of time to mend its ways. We certainly wouldn't expect North Korea to change course. However, it does illustrate how comprehensive North Korea's hacking campaign really is. On top of this, it shows how major tech companies like Facebook and Microsoft are effectively being drafted into a wider political conflict -- in many cases, they're first line of defense against North Korean hacks that could prove devastating.