South Korea fires at suspected drone at border with North amid missile crisis

Ballistic rocket is seen launching during a drill by the Hwasong artillery units of the KPA Strategic Force, July 2016. KCNA/via REUTERS

By Ju-min Park and Christine Kim

SEOUL (Reuters) – South Korea’s military fired warning shots at a suspected drone from North Korea on Tuesday amid tension over Pyongyang’s latest missile test which drew international condemnation and a warning from China.

The identity of the object remained unclear, the military said, but Yonhap news agency said it was possibly a drone, more than 90 shots were fired in return and it disappeared from radar screens.

The incursion came with tension already high on the Korean peninsula after the North’s test-launch of a ballistic missile test on Sunday which Pyongyang said proved advances in its pursuit of building a nuclear-tipped weapon that can hit U.S. targets.

The United States has been trying to persuade China, North Korea’s lone major ally, to do more to rein in North Korea, which has conducted dozens of missile launches and tested two nuclear bombs since the start of last year, in defiance of U.N. Security Council sanctions and resolutions.

The North has made no secret of its plans to develop a missile capable of striking the United States and has ignored calls to halt its weapons programs, even from China. It says the program is necessary to counter U.S. aggression.

“We urge North Korea to not do anything to again violate U.N. Security Council resolutions,” Chinese Foreign Minister Wang Yi said in a statement posted on the Foreign Ministry’s website on Tuesday.

“At the same time, we hope all parties can maintain restraint, not be influenced by every single incident, …persist in carrying out Security Council resolutions on North Korea and persevere with the resolution of the issue through peaceful means, dialogue and consultation.”

Wang was responding to reporters’ questions on Monday while in Ivory Coast, according to the statement.

The North’s official KCNA news agency, citing the spokesman for the foreign ministry, said the country had “substantially displayed” the capabilities for mounting a nuclear attack on Hawaii and Alaska and had built full capabilities for attacking the U.S. mainland.

U.S. and South Korean officials and experts believe the North is several years away from having such a capability.

North Korea said on Monday that Sunday’s launch met all technical requirements that could allow mass-production of the missile, which it calls the Pukguksong-2.

The test was North Korea’s second in a week and South Korea’s new liberal government said it dashed its hopes for peace on the peninsula.

The U.N. Security Council condemned the launch and again expressed its concern over the North’s behavior. The Security Council is due to meet behind closed doors later on Tuesday.

North Korea’s recent missile tests were a legitimate act of self-defense by a “fully-fledged nuclear power”, North Korean diplomat Ju Yong Chol told the U.N. Conference on Disarmament in Geneva on Tuesday.

“It is the United States’ hostile policy and its aggressive joint military drills, nuclear threats and military build-up around the Korean peninsula that really aggravates the situation on the Korean peninsula and the region and which compels the DPRK to also up its nuclear deterrence,” he said.

DPRK are the initials for the North’s official name, the Democratic People’s Republic of Korea. Ju was the only speaker at the forum who did not begin his remarks by offering condolences to Britain for the victims of Monday night’s bomb attack at a concert in Manchester.

The South Korean military did not say if the unidentified object was hit by the warning shots on Tuesday, but it disappeared from military radar.

North Korea has previously sent drones into South Korean airspace, with some crashing. In January 2016, South Korea fired warning shots at a suspected drone which turned back.

U.S. President Donald Trump has warned that a “major, major conflict” with North Korea is possible over its weapons programs, although U.S. officials say tougher sanctions, not military force, are the preferred option to counter the North Korean threat.

(Additional reporting by Michael Martina in Beijing and Tom Miles in Geneva; Editing by Nick Macfie and Jack Kim)

North Korea says missile ready for mass-production, U.S. questions progress

The scene of the intermediate-range ballistic missile

By Ju-min Park and Phil Stewart

SEOUL/WASHINGTON (Reuters) – North Korea said on Monday it successfully tested what it called an intermediate-range ballistic missile, which met all technical requirements and could now be mass-produced, although U.S. officials and experts questioned the extent of its progress.

The United States, which has condemned repeated North Korean missile launches, said Sunday’s launch of what North Korea dubbed the Pukguksong-2 was of a “medium-range” missile, and U.S.-based experts doubted the reliability of the relatively new solid-fuel type after so few tests.

U.S. officials, who spoke on condition of anonymity, said the test did not demonstrate a new capability, or one that could threaten the United States directly. But the test was North Korea’s second in a week and South Korea’s new liberal government said it dashed its hopes for peace.

U.S. officials have been far less sanguine about the test of a long-range KN-17, or Hwasong-12, missile just over a week ago, which U.S. officials believe survived re-entry to some degree.

North Korea said that launch tested the capability to carry a “large-size heavy nuclear warhead” and put the U.S. mainland within “sighting range.”

Western experts say that test did appear to have advanced North Korea’s aim of developing an intercontinental ballistic missile capable of reaching the U.S. mainland, even if it is still some way off from achieving that capability.

The U.N. Security Council is due to meet on Tuesday behind closed doors to discuss the latest test, which defies Security Council resolutions and sanctions. The meeting was called at the request of the United States, Japan and South Korea.

Washington has been trying to persuade China to agree to new sanctions on North Korea, which has conducted dozens of missile firings and tested two nuclear bombs since the start of last year.

U.S. President Donald Trump has warned that a “major, major conflict” with North Korea is possible over its weapons programs, although U.S. officials say tougher sanctions, not military force, are the preferred option.

North Korea’s state news agency, KCNA, said the latest missile test was supervised by leader Kim Jong Un and verified the reliability of Pukguksong-2’s solid-fuel engine, stage separation and late-stage guidance for a nuclear warhead. It said data was recorded by a device mounted on the warhead.

‘PRIDE’

“Saying with pride that the missile’s rate of hits is very accurate and Pukguksong-2 is a successful strategic weapon, he (Kim) approved the deployment of this weapon system for action,” KCNA said.

“Now that its tactical and technical data met the requirements of the Party, this type of missile should be rapidly mass-produced in a serial way … he said.”

KCNA said Kim was able to view the Earth from a camera mounted on the missile. “Supreme leader Kim Jong Un said it feels grand to look at the Earth from the rocket we launched and the entire world looks so beautiful,” KCNA said.

South Korea’s military said the missile flew about 500 km (310 miles), reaching an altitude of 560 km (350 miles).

The South’s military said the test would have provided more “meaningful data” for North Korea’s missile program, but further analysis was needed to determine whether Pyongyang had mastered the technology needed to stop the warhead burning up on re-entering the Earth’s atmosphere.

U.S.-based experts said it would have a maximum range of about 1,500 km (930 miles) and questioned North Korea’s assertion that the reliability of the solid-fuel missile had been proven, given limited testing.

“Entering mass production this early in the development phase is risky, but perhaps a risk North Korea feels comfortable managing,” said Michael Elleman of the International Institute for Strategic Studies.

Jeffrey Lewis, of the California-based Middlebury Institute of International Studies, said North Korea would probably continue to test the missile after deployment, fixing flaws as they emerged.

The use of solid fuel presents advantages for weapons because it is more stable and can be transported easily allowing for a launch at very short notice from mobile launchers.

Developing longer-range solid fuel missiles was a highly complicated and would “take time, lots of it,” Elleman said, but North Korea’s solid fuel missiles pose a threat to South Korea and Japan and the tens of thousands of U.S. troops based in both countries.

On Sunday U.S. Secretary of State Rex Tillerson termed North Korea’s missile testing “disappointing, disturbing” and said economic and diplomatic pressure would continue.

Japan’s chief Cabinet secretary, Yoshihide Suga, said on Monday it was important to cut North Korea’s foreign currency earnings and to block shipments and technology transfers that aid North Korea’s nuclear missile development.

China repeated its call for all parties to exercise restraint and not let tension mount further.

On Monday, South Korea’s Unification Ministry spokesman Lee Duk-haeng said while Seoul would respond firmly to any North Korean “provocations”, “it would not be desirable to have ties between the South and the North severed.”

(Additional reporting by Kaori Kaneko in Tokyo, Ben Blanchard in Beijing and David Brunnstrom and Matt Spetalnick in Washington; Editing by Nick Macfie and Peter Cooney)

New ferry links North Korea and Russia despite U.S. calls for isolation

The North Korean ferry, the Mangyongbong, is docked in the port of the far eastern city of Vladivostok, Russia, May 18, 2017. REUTERS/Yuri Maltsev

By Valeria Fedorenko

VLADIVOSTOK, Russia (Reuters) – A new ferry between isolated North Korea and Russia docked for the first time at the Pacific port of Vladivostok on Thursday, in spite of U.S. calls for countries to curtail relations with Pyongyang over its nuclear and missile programs.

The launch of the weekly service linking Vladivostok and the North Korean port of Rajin also came despite North Korea’s test-firing of a new type of ballistic missile on Sunday that landed in the sea near Russia.

The ferry’s Russian operators say it is purely a commercial venture, but the service’s launch coincides with what some experts say is a drive by North Korea to build ties with Moscow in case its closest ally China turns its back.

The service is pitched at Chinese tourists wanting to travel by sea to the Pacific port of Vladivostok, according to the operators.

China has no ports on the Sea of Japan, so traveling to North Korea and on to Vladivostok is the quickest way of reaching Vladivostok by sea.

“It’s our business, of our company, without any state subsidies, involvement and help,” Mikhail Khmel, the deputy director of Investstroytrest, the Russia firm operating the ferry, told reporters.

The new ferry link comes in spite of recent calls by U.S. Secretary of State Rex Tillerson for countries to fully implement U.N. sanctions and review their ties with North Korea to pressure it to give up its weapons programs.

“We call on all nations to fully implement U.N. Security Council Resolutions, and sever or downgrade diplomatic and commercial relations with North Korea,” a spokeswoman for the U.S. State Department, Katina Adams, said when asked about the new ferry service.

Adams noted Russia’s “obligation” under U.N. Security Council resolutions, “to inspect all cargo, including personal luggage, of any individual traveling to or from” North Korea.

Journalists were unable to see passengers disembarking from the North Korean-flagged vessel Mangyongbong at Vladivostok because Russian officials kept them away from the quayside, citing unspecified security reasons.

But Reuters television was able to speak to three passengers, who said they were representatives of Chinese tourism agencies.

One of the passengers showed a photograph on her smartphone she said had been taken on board. It showed a plaque with an inscription in Korean which, she said, bore the name of North Korea’s long-dead founder Kim Il Sung.

The United States has been discussing possible new U.N. sanctions on North Korea with China, which disapproves of North Korea’s development of nuclear weapons and ballistic missiles to deliver them, but remains its main trading partner.

Washington is looking to toughen U.N. sanctions to cut off Pyongyang’s sources of funding and to block smuggling of materials needed for its weapons programs.

Russia, especially the port of Vladivostok, is home to one of the largest overseas communities of North Koreans, who send home much-needed hard currency.

To date, there are no signs of a sustainable increase in trade between Russia and North Korea, but Russia has taken a more benign stance toward Pyongyang that other major powers.

Speaking in Beijing this week, Russian President Vladimir Putin said Moscow was against North Korea’s nuclear program, but that the world should talk to Pyongyang instead of threatening it.

Asked about the ferry, Russian Foreign Ministry spokeswoman Maria Zakharova said on Thursday she “didn’t see a connection” between the new service and political issues.

(Reporting by Valeria Fedorenko; additional reporting by David Brunnstrom; Writing by Maria Tsvetkova; Editing by Phil Berlowitz)

China installs rocket launchers on disputed South China Sea island: report

FILE PHOTO: Chinese dredging vessels are purportedly seen in the waters around Fiery Cross Reef in the disputed Spratly Islands in the South China Sea in this still image from video taken by a P-8A Poseidon surveillance aircraft provided by the United States Navy May 21, 2015. REUTERS/U.S. Navy/Handout via Reuters

BEIJING (Reuters) – China has installed rocket launchers on a disputed reef in the South China Sea to ward off Vietnamese military combat divers, according to a state-run newspaper, offering new details on China’s ongoing military build-up.

China has said military construction on the islands it controls in the South China Sea will be limited to necessary defensive requirements, and that it can do what it likes on its own territory.

The United States has criticized what it has called China’s militarization of its maritime outposts and stressed the need for freedom of navigation by conducting periodic air and naval patrols near them that have angered Beijing.

The state-run Defense Times newspaper, in a Tuesday report on its WeChat account, said Norinco CS/AR-1 55mm anti-frogman rocket launcher defense systems with the capability to discover, identify and attack enemy combat divers had been installed on Fiery Cross Reef in the Spratly Islands.

Fiery Cross Reef is administered by China but also claimed by the Philippines, Vietnam and Taiwan.

The report did not say when the defense system was installed, but said it was part of a response that began in May 2014, when Vietnamese divers installed large numbers of fishing nets in the Paracel Islands.

China has conducted extensive land reclamation work at Fiery Cross Reef, including building an airport, one of several Chinese-controlled features in the South China Sea where China has carried out such work.

More than $5 trillion of world trade is shipped through the South China Sea every year. Besides China’s territorial claims in the area, Vietnam, Malaysia, Brunei, the Philippines and Taiwan have rival claims.

(Reporting by Philip Wen; Editing by Ben Blanchard)

Chinese state media says U.S. should take some blame for cyber attack

A hooded man holds a laptop computer as blue screen with an exclamation mark is projected on him in this illustration picture taken on May 13, 2017. REUTERS/Kacper Pempel/Illustration

BEIJING (Reuters) – Chinese state media on Wednesday criticized the United States for hindering efforts to stop global cyber threats in the wake of the WannaCry “ransomware” attack that has infected more than 300,000 computers worldwide in recent days.

The U.S. National Security Agency (NSA) should shoulder some blame for the attack, which targets vulnerabilities in Microsoft Corp <MSFT.O> systems and has infected some 30,000 Chinese organizations as of Saturday, the China Daily said.

“Concerted efforts to tackle cyber crimes have been hindered by the actions of the United States,” it said, adding that Washington had “no credible evidence” to support bans on Chinese tech firms in the United States following the attack.

The malware attack, which began on Friday and has been linked by some researchers to previous hits by a North Korean-run hacking operation, leveraged a tool built by the NSA that leaked online in April, Microsoft says.

It comes as China prepares to enforce a wide-reaching cyber security law that U.S. business groups say will threaten the operations of foreign firms in China with strict local data storage laws and stringent surveillance requirements.

China’s cyber authorities have repeatedly pushed for what they call a more “equitable” balance in global cyber governance, criticizing U.S. dominance.

The China Daily pointed to the U.S. ban on Chinese telecommunication provider Huawei Technologies Co Ltd [HWT.UL], saying the curbs were hypocritical given the NSA leak.

Beijing has previously said the proliferation of fake news on U.S. social media sites, which are largely banned in China, is a reason to tighten global cyber governance.

The newspaper said that the role of the U.S. security apparatus in the attack should “instill greater urgency” in China’s mission to replace foreign technology with its own.

The state-run People’s Daily compared the cyber attack to the terrorist hacking depicted in the U.S. film “Die Hard 4”, warning that China’s role in global trade and internet connectivity opened it to increased risks from overseas.

The fast-spreading cyber extortion campaign eased for second day on Tuesday, but the identity and motive of its creators remain unknown.

(Reporting by Cate Cadell; Editing by Nick Macfie)

China hit by cyber virus, Europe warns of more attacks

A hooded man holds a laptop computer as blue screen with an exclamation mark is projected on him in this illustration picture taken on May 13, 2017.

By Cate Cadell and Guy Faulconbridge

BEIJING/LONDON (Reuters) – The WannaCry “ransomware” cyber attack hobbled Chinese traffic police and schools on Monday as it rolled into Asia for the new work week, while authorities in Europe said they were trying to prevent hackers from spreading new versions of the virus.

In Britain, where the virus first raised global alarm when it caused hospitals to divert ambulances on Friday, it gained traction as a political issue just weeks before a general election. The opposition Labour Party accused the Conservative government of leaving the National Health Service vulnerable.

Shares in firms that provide cyber security services rose with the prospect that companies and governments would have to spend more money on defenses.

Some victims were ignoring official advice and paying the $300 ransom demanded by the cyber criminals to unlock their computers, which was due to double to $600 on Monday for computers hit by Friday’s first wave.

Brian Lord, managing director of cyber and technology at cybersecurity firm PGI, said victims had told him “the customer service provided by the criminals is second to none”, with helpful advice on how to pay: “One customer said they actually forgot they were being robbed.”

Although the virus’s spread was curbed over the weekend in most of the world, France, where carmaker Renault was among the world’s highest profile victims, said more attacks were likely.

“We should expect similar attacks regularly in the coming days and weeks,” said Giullaume Poupard, head of French government cyber security agency ANSSI. “Attackers update their software … other attackers will learn from the method and will carry out attacks.”

Companies and governments spent the weekend upgrading software to limit the spread of the virus. Monday was the first big test for Asia, where offices had already mostly been closed for the weekend before the attack first arrived.

British media were hailing as a hero a 22-year-old computer security whiz who appeared to have helped stop the attack from spreading by discovering a “kill switch” – an internet address which halted the virus when activated.

SPREAD SLOWING

China appeared over the weekend to have been particularly vulnerable, raising worries about how well the world’s second largest economy would cope when it opened for business on Monday. However, officials and security firms said the spread was starting to slow.

“The growth rate of infected institutions on Monday has slowed significantly compared to the previous two days,” said Chinese Internet security company Qihoo 360. “Previous concerns of a wide-scale infection of domestic institutions did not eventuate.”

Qihoo had previously said the attack had infected close to 30,000 organizations by Saturday evening, more than 4,000 of which were educational institutions.

The virus hit computers running older versions of Microsoft software that had not been recently updated. Microsoft released patches last month and on Friday to fix a vulnerability that allowed the worm to spread across networks.

In a blog post on Sunday, Microsoft & President Brad Smith appeared to tacitly acknowledge what researchers had already widely concluded: the attack made use of a hacking tool built by the U.S. National Security Agency that had leaked online in April.

Infected computers appear to largely be out-of-date devices that organizations deemed not worth the price of upgrading. Some have also been machines involved in manufacturing or hospital functions, difficult to patch without disrupting operations.

“The government’s response has been chaotic, to be frank,” the British Labour Party’s health spokesman Jon Ashworth said. “They’ve complacently dismissed warnings which experts, we now understand, have made in recent weeks.”

“The truth is, if you’re going to cut infrastructure budgets and if you’re not going to allow the NHS to invest in upgrading its IT, then you are going to leave hospitals wide open to this sort of attack.”

Britain’s National Health Service (NHS) is the world’s fifth largest employer after the U.S. and Chinese militaries, Walmart and McDonald’s. The government says that under a previous Labour administration the trusts that run local hospitals were given responsibility to manage their own computer systems.

WARNINGS GIVEN

Asked if the government had ignored warnings over the NHS being at risk from cyber attack, Prime Minister Theresa May told Sky News: “No. It was clear [that] warnings were given to hospital trusts.”

An official from Cybersecurity Administration China (CAC) told local media on Monday that while the ransomware was still spreading and had affected industry and government computer systems, the spread was slowing.

Chinese government bodies from transport, social security, industry watchdogs and immigration said they had suspended services ranging from processing applications to traffic crime enforcement.

It was not immediately clear whether those services were suspended due to attacks, or for emergency patching to prevent infection.

“If a system supports some kind of critical processes those systems typically are very hard to patch … We don’t have a precedent for something of this scale (in China),” said Marin Ivezic, a cybersecurity expert at PwC in Hong Kong.

Affected bodies included a social security department in the city of Changsha, the exit-entry bureau in Dalian, a housing fund in Zhuhai and an industry watchdog in Xuzhou.

Energy giant PetroChina  said payment systems at some of its petrol stations were hit, although it had been able to restore most of the systems.

Elsewhere in Asia, the impact seems to have been more limited. Japan’s National Police Agency reported two breaches of computers in the country on Sunday – one at a hospital and the other case involving a private person – but no loss of funds.

Industrial conglomerate Hitachi Ltd. said the attack had affected its systems at some point over the weekend, leaving them unable to receive and send e-mails or open attachments in some cases.

In India, the government said it had only received a few reports of attacks on systems and urged those hit not to pay attackers any ransom. No major Indian corporations reported disruptions to operations.

At Indonesia’s biggest cancer hospital, Dharmais Hospital in Jakarta, around 100-200 people packed waiting rooms after the institution was hit by cyber attacks affecting scores of computers. By late morning, some people were still filling out forms manually, but the hospital said 70 percent of systems were back online.

South Korea’s presidential Blue House office said nine cases of ransomware were found in the country, but did not provide details on where the cyber attacks were discovered. A coal port in New Zealand shut temporarily to upgrade its systems.

(Writing by Peter Graff, editing by Peter Millership)

Global cyber attack slows but experts see risk of fresh strikes

An ambulance waits outside the emergency department at St Thomas' Hospital in central London, Britain May 12, 2017. REUTERS/Stefan Wermuth

By Jeremy Wagstaff and Eric Auchard

SINGAPORE/FRANKFURT (Reuters) – A global cyber attack described as unprecedented in scale forced a major European automaker to halt some production lines while hitting schools in China and hospitals in Indonesia on Saturday, though it appeared to die down a day after its launch.

Capitalizing on spying tools believed to have been developed by the U.S. National Security Agency, the cyber assault has infected tens of thousands of computers in nearly 100 countries, with Britain’s health system suffering the worst disruptions.

Cyber extortionists tricked victims into opening malicious malware attachments to spam emails that seemed to contain invoices, job offers, security warnings and other legitimate files.

Once inside the targeted network, so-called ransomware made use of recently revealed spy tools to silently infect other out-of-date machines without any human intervention. This, security experts said, marked an unprecedented escalation in the risk of fresh attacks spreading in the coming days and weeks.

The ransomware encrypted data on the computers, demanding payments of $300 to $600 to restore access. Researchers observed some victims paying via the digital currency bitcoin, though no one knows how much may have been transferred to extortionists because of the largely anonymous nature of such transactions.

Researchers with security software maker Avast said they had observed 126,534 ransomware infections in 99 countries, with Russia, Ukraine and Taiwan the top targets.

The hackers, who have not come forward to claim responsibility or otherwise been identified, took advantage of a worm, or self-spreading malware, by exploiting a piece of NSA spy code known as “Eternal Blue” that was released last month by a hackers group known as the Shadow Brokers, according to researchers with several private cyber security firms.

Renault said it had halted auto production at several sites including Sandouville in northwestern France and Renault-owned Dacia plants in Romania on Saturday to prevent the spread of ransomware in its systems.

Nissan’s manufacturing plant in Sunderland, northeast England, was also affected by the cyber assault though “there has been no major impact on our business”, a spokesman for the Japanese carmaker said.German rail operator Deutsche Bahn [DBN.UL] said some electronic signs at stations announcing arrivals and departures were infected, with travelers posting pictures showing some bearing a message demanding a cash payment to restore access.

“UNPRECEDENTED” ATTACK EASES

Europol’s European Cybercrime Center said it was working closely with country investigators and private security firms to combat the threat and help victims. “The recent attack is at an unprecedented level and will require a complex international investigation to identify the culprits,” it said in a statement.

Some experts said the threat had receded for now, in part because a British-based researcher, who declined to give his name, registered a domain that he noticed the malware was trying to connect to, and so limited the worm’s spread.

“We are on a downward slope, the infections are extremely few, because the malware is not able to connect to the registered domain,” said Vikram Thakur, principal research manager at Symantec.

“The numbers are extremely low and coming down fast.”

But the attackers may yet tweak the code and restart the cycle. The researcher in Britain widely credited with foiling the ransomware’s proliferation told Reuters he had not seen any such tweaks yet, “but they will (happen).”

Researchers said the worm deployed in the latest attack, or similar tools released by Shadow Brokers, are likely to be used for fresh assaults not just with ransomware but other malware to break into firms, seize control of networks and steal data.

Finance chiefs from the Group of Seven rich countries were to commit on Saturday to joining forces to fight the growing threat of international cyber attacks, according to a draft statement of a meeting they are holding in Italy.

“Appropriate economy-wide policy responses are needed,” the ministers said in their draft statement, seen by Reuters.

HOSPITALS IN FIRING LINE

In Asia, some hospitals, schools, universities and other institutions were affected, though the full extent of the damage is not yet known because it is the weekend.

“I believe many companies have not yet noticed,” said William Saito, a cyber security adviser to Japan’s government. “Things could likely emerge on Monday” as staff return to work.

China’s information security watchdog said “a portion” of Windows systems users in the country were infected, according to a notice posted on the official Weibo page of the Beijing branch of the Public Security Bureau on Saturday. Xinhua state news agency said some secondary schools and universities were hit.

In Vietnam, Vu Ngoc Son, a director of Bkav Anti Malware, said dozens of cases of infection had been reported there, but he declined to identify any of the victims.

South Korea’s Yonhap news agency reported a university hospital had been affected, while a communications official in Indonesia said two hospitals there had been hit.

The most disruptive attacks were reported in Britain, where hospitals and clinics were forced to turn away patients after losing access to computers on Friday.

International shipper FedEx Corp said some of its Windows computers were also breached. “We are implementing remediation steps as quickly as possible,” a FedEx statement said.

Telecommunications company Telefonica was among many targets in Spain. Portugal Telecom and Telefonica Argentina both said they were also targeted.

Only a small number of U.S.-headquartered organizations were hit because the hackers appear to have begun the campaign by focusing on targets in Europe, said Thakur.

By the time they turned their attention to the United States, spam filters had identified the new threat and flagged the ransomware-laden emails as malicious, he added.

MICROSOFT BOLSTERS WINDOWS DEFENCES

Private security firms identified the ransomware as a new variant of “WannaCry” that had the ability to automatically spread across large networks by exploiting a known bug in Microsoft’s Windows operating system.

“This is one of the largest global ransomware attacks the cyber community has ever seen,” said Rich Barger, director of threat research with Splunk, one of the firms that linked WannaCry to the NSA.

The Shadow Brokers released Eternal Blue as part of a trove of hacking tools that they said belonged to the U.S. spy agency.

The attack targeted Windows computers that had not installed patches released by Microsoft in March, or older machines running software that Microsoft no longer supports and for which patches did not exist, including the 16-year-old Windows XP system, researchers said.

Microsoft said it pushed out automatic Windows updates to defend existing clients from WannaCry. It had issued a patch on March 14 to protect them from Eternal Blue. Late on Friday, Microsoft also released patches for a range of long discontinued software, including Windows XP and Windows Server 2003.

“Today our engineers added detection and protection against new malicious software known as Ransom:Win32.WannaCrypt,” Microsoft said in a statement on Friday, adding it was working with customers to provide additional assistance.

POLITICALLY SENSITIVE TIMING

The spread of the ransomware capped a week of cyber turmoil in Europe that began when hackers posted a trove of campaign documents tied to French candidate Emmanuel Macron just before a run-off vote in which he was elected president of France.

On Wednesday, hackers disrupted the websites of several French media companies and aerospace giant Airbus. The hack happened four weeks before a British general election in which national security and the management of the state-run National Health Service are important issues.

Authorities in Britain have been braced for cyber attacks in the run-up to the election, as happened during last year’s U.S. election and on the eve of the French run-off vote on May 7.

But those attacks – blamed on Russia, which has repeatedly denied them – followed a different modus operandi involving penetrating the accounts of individuals and political organizations and then releasing hacked material online.

On Friday, Russia’s interior and emergencies ministries, as well as its biggest bank, Sberbank, said they were targeted by ransomware. The interior ministry said about 1,000 computers had been infected but it had localized the virus.

Although cyber extortion cases have been rising for several years, they have to date affected small- to mid-sized organizations. “Seeing a large telco like Telefonica get hit is going to get everybody worried,” said Chris Wysopal, chief technology officer with cyber security firm Veracode.

(Additional reporting by Kiyoshi Takenaka, Jim Finkle, Eric Auchard, Jose Rodriguez, Alistair Smout, Andrea Shalal, Jack Stubbs, Antonella Cinelli, Dustin Volz, Kate Holton, Andy Bruce, Michael Holden, David Milliken, Rosalba O’Brien, Julien Toyer, Tim Hepher, Luiza Ilie, Patricia Rua, Axel Bugge, Sabine Siebold and Eric Walsh, Engen Tham, Fransiska Nangoy, Soyoung Kim, Mai Nguyen; editing by Mark Heinrich)

China says all welcome at Silk Road forum after U.S. complains over North Korea

Chinese Premier Li Keqiang meets Uzbek President Shavkat Mirziyoyev at the Great Hall of the People in Beijing, China, May 13, 2017. REUTERS/Thomas Peter

By Ben Blanchard

BEIJING (Reuters) – China welcomes all countries to a forum this weekend on China’s new Silk Road plan, the foreign ministry said on Saturday, after the United States warned China that North Korea’s attendance could affect other countries’ participation.

Two sources with knowledge of the situation said the U.S. embassy in Beijing had submitted a diplomatic note to China’s foreign ministry, saying inviting North Korea sent the wrong message at a time when the world was trying to pressure it over its repeated missile and nuclear tests.

The disagreement over North Korea threatens to overshadow China’s most important diplomatic event of the year for an initiative championed by President Xi Jinping.

Asked about the U.S. note, the foreign ministry said in a short statement sent to Reuters that it did “not understand the situation”.

“The Belt and Road initiative is an open and inclusive one. We welcome all countries delegations to attend the Belt and Road Forum for International Cooperation,” it said.

The ministry did not elaborate. It said on Tuesday North Korea would send a delegation to the summit but gave no other details.

The United States is sending a delegation led by White House adviser Matt Pottinger.

Despite Chinese anger at North Korea’s repeated nuclear and missile tests, China remains the isolated state’s most important economic and diplomatic backer, even as Beijing has signed up for tough U.N. sanctions against Pyongyang.

China has over the years tried to coax North Korea into cautious, export-oriented economic reforms, rather than sabre rattling and nuclear tests, but to little avail.

China has not announced who North Korea’s chief delegate will be, but South Korea’s Yonhap news agency said Kim Yong Jae, North Korea’s minister of external economic relations, would lead the delegation.

‘MISGIVINGS’

Leaders from 29 countries will attend the forum in Beijing on Sunday and Monday, an event orchestrated to promote Xi’s vision of expanding links between Asia, Africa and Europe underpinned by billions of dollars in infrastructure investment.

Delegates will hold a series of sessions on Sunday to discuss the plan in more detail, including trade and finance. China has given few details about attendees.

Some Western diplomats have expressed unease about both the summit and the plan as a whole, seeing it as an attempt to promote Chinese influence globally.

China has rejected criticism of the plan and the summit, saying the scheme is open to all, is a win-win and aimed only at promoting prosperity.

Zhang Junkuo, deputy director general of cabinet think-tank the State Council Development Research Centre told reporters there were “misgivings, misinterpretations and misunderstandings” about the initiative.

“We must increase communication and exchanges so as to broaden our areas of cooperation and consolidate the basis for cooperation,” Zhang said.

In an English-language commentary on Saturday, China’s state-run Xinhua news agency said the new Silk Road, officially called the Belt and Road initiative, would be a boon for developing countries that had been largely neglected by the West.

“As some Western countries move backwards by erecting ‘walls’, China is contriving to build bridges, both literal and metaphorical. These bridges are China’s important offering to the world, and a key route to improving global governance,” it said.

Some of China’s most reliable allies and partners will attend the forum, including Russian President Vladimir Putin, Pakistani Prime Minister Nawaz Sharif, Cambodian Prime Minister Hun Sen and Kazakh President Nursultan Nazarbayev.

There are also several European leaders coming, including the prime ministers of Spain, Italy, Greece and Hungary.

Xi offered Prime Minister Alexis Tsipras of deeply indebted Greece strong support on Saturday, saying the two countries should expand cooperation in infrastructure, energy and telecommunications.

(Additional reporting by Elias Glenn; Editing by Eric Meijer, Robert Birsel)

Exclusive: Indonesian Islamist leader says ethnic Chinese wealth is next target

Chairman of GNPF-MUI, Bachtiar Nasir, arrives at a police station to testify as a witness in a money laundering case at a police station in Jakarta, Indonesia February 10, 2017 in this photo taken by Antara Foto. Antara Foto/Reno Esnir/via REUTERS

By Tom Allard and Agustinus Beo Da Costa

JAKARTA (Reuters) – The leader of a powerful Indonesian Islamist organization that led the push to jail Jakarta’s Christian governor has laid out plans for a new, racially charged campaign targeting economic inequality and foreign investment.

In a rare interview, Bachtiar Nasir said the wealth of Indonesia’s ethnic Chinese minority was a problem and advocated an affirmative action program for native Indonesians, comments that could stoke tensions already running high in the world’s largest Muslim-majority nation.

“It seems they do not become more generous, more fair,” the cleric said, referring to Chinese Indonesians, in the interview in an Islamic center in South Jakarta. “That’s the biggest problem.”

Ethnic Chinese make up less than 5 percent of Indonesia’s population, but they control many of its large conglomerates and much of its wealth.

Nasir also said also that foreign investment, especially investment from China, has not helped Indonesians in general.

Indonesia, Southeast Asia’s biggest economy, is a major destination for foreign investment in the mining and retail sectors. Jakarta is also trying to lure investors for a $450 billion infrastructure drive to revive economic growth.

“Our next job is economic sovereignty, economic inequality,” said Nasir, an influential figure who chairs the National Movement to Safeguard the Fatwas of the Indonesian Ulemas Council (GNPF-MUI). “The state should ensure that it does not sell Indonesia to foreigners, especially China.”

His group organized protests by hundreds of thousands of Muslims in Jakarta late last year over a comment about the Koran made by the capital’s governor, Basuki Tjahaja Purnama, an ethnic-Chinese Christian.

Purnama was found guilty this week of blasphemy and sentenced to two years in prison, raising concerns that belligerent hardline Islamists are a growing threat to racial and religious harmony in this secular state.

Nasir, 49, used to have a late-night religious show on one of Indonesia’s biggest TV networks. His contract was ended under government pressure after his role in the first anti-Purnama rally was revealed.

He spoke calmly during the interview, identifying other religiously motivated objectives such as restricting alcohol to tourist areas, curbing prostitution and criminalizing adultery and sodomy. He insisted he believes in a pluralist Indonesia.

“PLAYING WITH FIRE”

Former President Suharto blocked Chinese Indonesians from many public posts and denied them cultural expression, forcing them to drop their Chinese names. Marginalized politically and socially, many turned to business and became wealthy.

The ethnic wealth gap has long fed resentment among poorer “pribumi”, Indonesia’s mostly ethnic-Malay indigenous people. During riots that led to the fall of Suharto in 1998, ethnic-Chinese and Chinese-owned businesses were targeted, and about 1,000 people were killed in the violence.

There has been no blood-letting on that scale since then, but tensions have remained. President Joko Widodo was the subject of a smear campaign on the campaign trail in 2014 that falsely claimed he was a Chinese descendant and a Christian.

Bonnie Triyana, a historian who has chronicled Chinese Indonesian experiences, said Nasir was “scapegoating” the Chinese.

“It’s very dangerous for our nation. It’s playing with fire,” said Triyana, who is an indigenous Indonesian. “They are spreading bad information to convince people that their role is to save the nation.”

In the interview, Nasir said “ethnic sentiment cannot be denied” when it comes to inequality, and the economic power of Chinese Indonesians needs to be addressed.

“The key is justice, and taking sides,” he said. “Justice can be applied if there is a preferential option for indigenous Indonesians from a regulation aspect and in terms of access to capital.”

Neighboring Malaysia, also a Muslim-majority nation with a wealthy Chinese minority, has long followed affirmative action policies that grant native Malays privileges, including job reservations in the civil service and discounts on property.

Johan Budi, a spokesman for Indonesian President Widodo – responding to Bachtiar’s comments – said in a statement to Reuters that income inequality is high on the government agenda and Indonesian Chinese get no special treatment.

“It is not true this allegation that President Jokowi gives wider space to ethnic Chinese in Indonesia,” Budi said, referring to Widodo by his nickname. He said Widodo’s focus is on the poor, including “indigenous people”.

According to the Credit Suisse Research Institute’s 2016 Global Wealth Report, the top 1 percent wealthiest Indonesians owned 49.3 percent of national wealth, making it among the most unequal nations in the world.

LINK TO POLITICS?

A Saudi-trained cleric, Nasir formed the GNPF-MUI last year to target Purnama, the now-convicted Jakarta governor.

Although Nasir is not as visible as the firebrand radical cleric Habib Rizieq who led last year’s protests, his group carries significant clout because it brings under one umbrella Islamist organizations that have national reach and strong links with mosques and religious schools.

GNPF-MUI includes Salafist intellectuals like Nasir, Rizieq’s Islamic Defenders Front and their urban poor constituency, along with middle class and politically connected Islamic groups.

Nasir said GNPF-MUI is a “religions movement”, not political. However, he is widely seen as allied to opposition leader Prabowo Subianto, who lost to Widodo in the 2014 election and could be a candidate for the presidency in 2019.

Greg Fealy, an expert on Indonesian Islamic groups from the Australian National University, said GNPF-MUI is developing a national agenda following the Jakarta governor’s conviction.

“They are trying to harness that movement to link the Islamist agenda with inequality. It is, in effect, targeting Chinese non-Muslims,” he said. “This is all part of a pitched battle in the run-up to 2019.”

(Edited by John Chalmers and Raju Gopalakrishnan)