Cybersecurity agencies in the US and UK have pointed the finger at North Korea for the ransomware attack which hit the NHS.
An internal report by the US National Security Agency, which actually developed the software exploit used to attack Microsoft operating systems, blamed North Korea for the attack.
Intelligence officials cited by the Washington Post said that an internal assessment of the cyberattack attributed it with “moderate confidence” to the rogue state’s spy agency, the Reconnaissance General Bureau.
British security officials have also attributed the malware to North Korea, with that investigation being carried out by the National Cyber Security Centre (NCSC), a part of GCHQ, according to the BBC.
The UK investigation is understood to been considerably more in-depth than the US effort because of the effect that the attack had on the NHS, and because the US was not as badly affected.
Private sector researchers had already managed to reverse-engineer the software and find similarities between it and other malicious code developed by North Korea.
It is understood that the work completed by NCSC was based on a wider ranger of sources, potentially including intelligence collected by GCHQ.
The link to North Korea has not been officially confirmed by the Government due to diplomatic and intelligence issues.
Evidence that North Korea was responsible for the WannaCry ransomware has been mounting from the private sector’s cybersecurity industry.
Security company Symantec said its researchers found similarities in the code and attack infrastructure between the malicious software used in the WannaCry ransomware attacks and other attacks attributed to North Korea.
The attack, which led to the sudden closure of several accident and emergency departments in the NHS, exposed serious vulnerabilities in the way that the service approached computer security.
Some researchers had urged caution regarding the attribution of the attack to North Korea.
Kaspersky Lab warned that the repetition of code and attack infrastructure from other operations believed to have been conducted by the state could have been meant to mislead investigators.