Two leading security firms investigating the 'WannaCry' cyber attack claim to have found evidence which points towards a cybergang with links to the North Korean government.
Specialists from Kaspersky and Symantec say the code used to create the ransomware is similar to that used in the hack of Sony Pictures in 2014.
They say the evidence points to a group called Lazarus, who have been known to use bitcoin in operations.
The specialists pointed out shared code doesn't necessarily mean the same culprits, but they revealed the reused code from the 2014 had vanished from later WannaCry versions, undermining arguments that the attack was a 'false flag'.
The WannaCry attack has affected more than 200,000 victims in 150 countries, and the NHS is still fighting to recover from the disruption the ransomware created.