Security researchers have documented similarities between the WannaCry code and malware created by Lazarus group, a hacking operation that has been linked to North Korea. The code similarities were discovered by Google researcher Neel Mehta on Monday. Google declined to comment.
The security firm Symantec also found links between Lazarus and WannaCry. It discovered early versions of WannaCry on systems that had been compromised by the Lazarus group's tools. These versions were different than the ransomware that spread on Friday. It is unclear whether the Lazarus group put the ransomware on those systems, or someone else did.