Cyber security researchers on Monday pointed to code in a “ransomware” attack that could indicate a link to North Korea.
Symantec and Kaspersky Lab each cited code that was previously used by a hacker collective known as the Lazarus Group, which was behind the high-profile 2014 hack of Sony that was also blamed on North Korea.
But the security firms cautioned that it is too early to make any definitive conclusions, in part because the code could have been merely copied by someone else for use in the current event.
The effects of the ransomware attack appeared to ease Monday, although thousands more computers, mostly in Asia, were hit as people signed in at work for the first time since the infections spread to 150 countries late last week.
Health officials in Britain, where surgeries and doctors’ appointments in its national health care system had been severely impacted Friday, were still having problems Monday.
But health minister Jeremy Hunt said it was “encouraging” that a second wave of attacks had not materialized.