"We believe this might hold the key to solve some of the mysteries around this attack", the Moscow-based cybersecurity firm Kaspersky Labs said in an analysis of a few lines of duplicated code found in an earlier version of the WannaCry virus, which was first noticed by a Google security researcher.
"The North's WannaCry report is meant to stress the attack has nothing to do with it", a source well-versed in the North said.
Experts think they have uncovered evidence that could potentially connect North Korea to the recent WannaCry cyber attack that paralyzed computers worldwide. Security expert Prof Alan Woodward said time stamps within the original WannaCry code are set to UTC +9 - China's time zone - and the text demanding the ransom uses what reads like machine- translated English, but a Chinese segment is apparently written by a native speaker, the report said.
Other industry giants such as Kaspersky Labs and Symantec concurred, but Choi cautioned against jumping to conclusions, warning the evidence is circumstantial.
Choi, known to have vast troves of data on Pyongyang's hacking activities, has publicly warned against potential ransomware attacks by the North since last year."I saw signs last year that the North was preparing ransomware attacks or even already beginning to do so, targetting some South Korean companies", he told AFP. He now advises the South Korean National Intelligence Service and police. The code used in the latest attack shared many similarities with past hacks blamed on the North, including the targeting of Sony Pictures and the central bank of Bangladesh, said Simon Choi, director of Seoul internet security firm Hauri.
"We have underestimated North Korea so far that since North Korea is poor, it wouldn't have any technologies. We should never underestimate it", Choi said. Its researcher John Miller said, "The similarities we see between malware linked to that group and WannaCry are not unique enough to be strongly suggestive of a common operator".