Cyber security firm Symantec have said it is "highly likely" that the recent "WannaCry" ransomware attack was carried out by North Korea.
The firm has analysed the software, which was deployed to encrypt users data and then demand payment for the files to be restored, and found lines of code that were used in both in the North Korea-linked Lazrus group's previous activity and in early versions of WannaCry.
The researchers also found that the same internet connection was used to install an early version of WannaCry on two computers and to communicate with a tool that destroyed files at Sony Pictures in 2014.
The US has put the blame for the Sony attack on North Korea as well as a number of cyber security companies.
While Symantec has not pointed the finger directly at North Korea it said it did not dispute the widely-held view that the Lazarus group works on behalf of the communist regime.
Lazarus is the name that has been given to the hacking group believed to be behind the Sony attack.
Symantec security response technical director, Vikram Thaku, said that while the attack appeared to have North Korean links it seemed that the attackers were not motivated by North Korean government objectives.
He suggested Lazarus' motives could have been purely monetary.
Fellow cybersecurity firm Kaspersky also noted several similarities between WannaCry and malware previously used by Lazarus but has stopped short of saying there was conclusive evidence that Lazarus was responsible for WannaCry.
Symantec also linked last year's theft of $81 million from the Bangladesh's central bank to Lazarus.