Cyber security researchers with Symantec and Kaspersky Lab on Monday said they uncovered technical evidence that indicates North Korea may have been involved in last weekend's international ransomware attack.
The WannaCry software used in the attack was found in programs used by the Lazarus Group, which the researchers said is a North Korean-operated hacking entity.
"This is the best clue we have seen to date as to the origins of WannaCry," Kaspersky Lab researcher Kurt Baumgartner told Reuters.
It's not clear whether North Korea was behind the attacks, but the U.S. and other countries are investigating.
The operation was the fastest-spreading extortion operation ever. The global attack infected more than 300,000 computers in 150 countries since last Friday, but slowed down by Monday.
President Trump's Cybersecurity Adviser Tom Bossert on Monday said the White House is unsure who was behind the campaign.
"We don't know. That's the attribution that we're after right now," said Bossert. "It would be very satisfying for me and for all of our viewers I think if we find them and bring them to justice."
The Lazarus hackers are believed to be behind the $81 million extortion from the Bangladesh central bank.