Now researchers at United States security firm Symantec have said there is evidence of a connection between this particular attack and previous hacks carried out by the "Lazarus Group" - a cyber criminal group with links to Kim Jong-un's regime.
Security firm Symantec now says it is "highly likely" that Lazarus is to blame, having unearthed further evidence of the re-use of code from other attacks by the group.
The cyberattack that infected hundreds of thousands of computers worldwide was "highly likely" to have originated with Lazarus, a hacking group linked to the reclusive state, Symantec said.
Unlike most other APTs, North Korea's state security apparatus is often alleged to seek to generate money by hacking foreign nations, as it also controls the manufacture and distribution of methamphetamine in the country. That attack on Sony was linked to Lazarus. Destover, was the disk wiping tool used in this attack, the same tool used in the Sony Pictures attacks.
The Shadow Brokers, the group that stole the Microsoft exploit from the US National Security Agency and leaked it online, endorsed the North Korea theory. This earlier version was nearly identical to the version used in May 2017, with the only difference the method of propagation. The US government and private companies have accused North Korea in the 2014 Sony attack.
Researchers in the US, Russia and Israel have also pointed to a potential North Korean link - but it is notoriously hard to attribute cyber attacks.
The Lazarus group could be responsible for initiating the attack and it could be that other hackers are too, but the main concern here is the security of our internet connected devices.
The intelligence community will probably take away from this that there is a possibility of splinters in the Lazarus Group or members who are interested in filling their own pockets, and that could help.
Experts monitoring violations of sanctions on North Korea for the United Nations were reportedly hit with a "sustained" cyberattack by unknown hackers earlier this month.
Beau Woods, deputy director of the Cyber Statecraft Initiative at the Atlantic Council, said that the Korean language used in some versions of the WannaCry ransom note was not that of a native speaker, making a Lazarus connection unlikely.
Cyberattacks backed by governments "are usually impeccable, they don't make rookie mistakes", said Thakur. It is also possible that the writer in question was a contractor in another country, he said. With the hacking group also blamed for theft from the Bangladeshi central bank a year ago.
The code that WannaCry shares is a backdoor trojan known as Contopee.
The small number of Bitcoin wallets used by first version of WannaCry, and its limited spread, indicates that this was not a tool that was shared across cyber crime groups.
Iran reformist drops out of election, supports Rouhani
That held true in 1997 with the election of reformer Seyyed Mohammad Khatami, who threw his support Monday behind Rouhani. Both have promised to create millions of jobs if elected and increase cash handouts to the poorer segments of society.
Galaxy C10 leaks, Samsung's first dual-camera smartphone
One thing Samsung compromised on to do this is by placing the Galaxy S8's fingerprint scanner on the back much to users' dismay. Earlier this month, there were rumors that a Samsung Galaxy C series smartphone will get dual-camera setup before the Note8.
Branstad confirmed as Chinese ambassador
Although his heart will always be in Iowa, I know that Governor Branstad will throw himself into this job whole-heartedly. Professor Dong says the top priority will be getting the USA and China on the same page when dealing with North Korea.