UK security officials believe that hackers in North Korea were behind the cyber-attack that caused chaos for parts of the NHS and other organisations, it has been reported.
Britain's National Cyber Security Centre (NCSC) has been investigating and believe a group known as Lazarus launched the WannaCry attack, security sources told the BBC.
The hacking group is based in North Korea and is believed to have targeted Sony Pictures in 2014.
A spokesman for the NCSC told ITV News they can neither confirm or deny reports of any conclusions drawn from its investigation.
However cyber-security experts at firms such as Symantec and BAE have said that details in the WannaCry code resemble those used in other attacks believed to have been carried out by Lazarus.
What is WannaCry?
The Wanna Decryptor is malicious software that encrypts files on a computer, locks machines and demands money to release the data.
How did it affect the NHS?
The ransomware virus,affected more than 300,000 computers, with 47 trusts in England and 13 Scottish health boards compromised.
US has also linked attack to North Korea
America's National Security Agency (NSA) is also said to have "moderate confidence" that the WannaCry attack, that affected more than 300,000 people globally, is linked to Pyongyang.
The agency's assessment suggests that the attack was linked to North Korea’s intelligence agency, the Reconnaissance General Bureau, according to the Washington Post, citing US intelligence officials.
The US Computer Emergen Readiness Team has also warned of "malicious cyber activity" by the North Korean government and the link to the Lazarus group in a recent security bulletin.
But it has not been determined if the attack was ordered or sanctioned by Pyongyang and no responsibility has been claimed.