Cybersecurity researchers have found evidence they say could link North Korea with the WannaCry cyber attack that has infected more than 300,000 computers worldwide.
A researcher from South Korea's Hauri Labs said on Tuesday their findings matched those of Symantec and Kaspersky Lab, who said on Monday that some code in an earlier version of the WannaCry software had also appeared in programs used by the Lazarus Group, identified by some researchers as a North Korea-run hacking operation.
Both Symantec and Kaspersky said it was too early to tell whether North Korea was involved in the attacks.
The attacks, which slowed on Monday, are among the fastest-spreading extortion campaigns on record. Damage in Asia, however, has been limited.
FireEye said it was also investigating but cautious about drawing a link to North Korea.
The WannaCry worm has affected more than 200,000 Windows computers around the world since Friday. The hacking tool spreads silently between computers, shutting them down by encrypting data and then demanding a ransom of $300 to unlock them.
According to Microsoft, computers affected by the so-called "ransomware" did not have security patches for various Windows versions installed or were running Windows XP, which the company no longer supports.
WannaCry exploits a vulnerability in older versions of Windows. Microsoft issued a security update in March that stops WannaCry and other malware in Windows 7. Over the weekend the company took the unusual step of releasing a similar patch for Windows XP, which the company announced in 2014 it would no longer support.
Businesses could face legal claims if they failed to deliver services because of the attack, but Microsoft itself enjoys strong protection from lawsuits.
When Microsoft sells software it does so through a licensing agreement that states the company is not liable for any security breaches.
Also enjoying strong protection from liability over the cyber attack is the U.S. National Security Agency, whose stolen hacking tool is believed to be the basis for WannaCry.