Now researchers at United States security firm Symantec have said there is evidence of a connection between this particular attack and previous hacks carried out by the "Lazarus Group" - a cyber criminal group with links to Kim Jong-un's regime.
Security firm Symantec now says it is "highly likely" that Lazarus is to blame, having unearthed further evidence of the re-use of code from other attacks by the group.
The cyberattack that infected hundreds of thousands of computers worldwide was "highly likely" to have originated with Lazarus, a hacking group linked to the reclusive state, Symantec said.
Unlike most other APTs, North Korea's state security apparatus is often alleged to seek to generate money by hacking foreign nations, as it also controls the manufacture and distribution of methamphetamine in the country. That attack on Sony was linked to Lazarus. Destover, was the disk wiping tool used in this attack, the same tool used in the Sony Pictures attacks.
The Shadow Brokers, the group that stole the Microsoft exploit from the US National Security Agency and leaked it online, endorsed the North Korea theory. This earlier version was nearly identical to the version used in May 2017, with the only difference the method of propagation. The US government and private companies have accused North Korea in the 2014 Sony attack.
Researchers in the US, Russia and Israel have also pointed to a potential North Korean link - but it is notoriously hard to attribute cyber attacks.
The Lazarus group could be responsible for initiating the attack and it could be that other hackers are too, but the main concern here is the security of our internet connected devices.
The intelligence community will probably take away from this that there is a possibility of splinters in the Lazarus Group or members who are interested in filling their own pockets, and that could help.
Experts monitoring violations of sanctions on North Korea for the United Nations were reportedly hit with a "sustained" cyberattack by unknown hackers earlier this month.
Beau Woods, deputy director of the Cyber Statecraft Initiative at the Atlantic Council, said that the Korean language used in some versions of the WannaCry ransom note was not that of a native speaker, making a Lazarus connection unlikely.
Cyberattacks backed by governments "are usually impeccable, they don't make rookie mistakes", said Thakur. It is also possible that the writer in question was a contractor in another country, he said. With the hacking group also blamed for theft from the Bangladeshi central bank a year ago.
The code that WannaCry shares is a backdoor trojan known as Contopee.
The small number of Bitcoin wallets used by first version of WannaCry, and its limited spread, indicates that this was not a tool that was shared across cyber crime groups.
Seasonal Coast Guard Stations Open for Summer Boating Season
The Coast Guard rescued three mariners Sunday afternoon from a boat that was taking on water in Moriches Bay, authorities said. One was using a stand-up paddleboard, the other was a kayaker who had said he had capsized, according to the fire department.