Major cyber security firms are looking into clues that may connect the global "ransomware" attack known as WannaCry with programs previously attributed to North Korea.
US-based Symantec Corp and Russia's Kaspersky Lab said on Monday were trying to draw a line between the rogue state and the deployment of the malware widely understood to have been built by the US National Security Agency.
The two companies said some code in an earlier version of the WannaCry - or WannaCrypt - ransomware had also appeared in programs used by the Lazarus Group, which researchers from many companies said is run by North Korea.
The ransomware virus has encrypted data on hundreds of thousands of computers since Friday and demanded users pay money to regain control of their machines.
The North Korean mission to the United Nations was not immediately available for comment.
Officials across the globe scrambled over the weekend to catch the culprits behind a massive ransomware worm that disrupted operations at car factories, hospitals, shops and schools, while Microsoft on Sunday pinned blame on the US government for not disclosing more software vulnerabilities.
Cyber security experts said the spread of the worm dubbed WannaCry - "ransomware" that locked up more than 200,000 computers and networks in more than 150 countries - had slowed but that the respite might only be brief amid fears new versions of the worm will strike.
In a blog post on Sunday, Microsoft President Brad Smith appeared to tacitly acknowledge what researchers had already widely concluded: The ransomware attack leveraged a hacking tool, built by the NSA, that leaked online in April.
"This is an emerging pattern in 2017," Smith wrote.
"We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world."
He also poured fuel on a long-running debate over how government intelligence services should balance their desire to keep software flaws secret - in order to conduct espionage and cyber warfare - against sharing those flaws with technology companies to better secure the internet.
"This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem," Smith wrote.
He added that governments around the world should "treat this attack as a wake-up call" and "consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits."
The NSA and White House have not responded to requests for comment about the Microsoft statement however a Homeland Security spokesman said no US government computers had been affected by the attack.
- With Reuters