North Korea has never admitted any involvement in the Sony Pictures hack - and while security researchers, and the U.S. government, have confidence in the theory, neither can rule out the possibility of a false flag, it said.
The code used in the latest attack shared many similarities with past hacks blamed on the North, including the targeting of Sony Pictures, said Simon Choi, director of Seoul internet security firm Hauri.
Even if the perpetrators can be identified, bringing them to justice could be another matter.
His findings is similar to those of Symantec Corporation (NASDAQ: SYMC) and Kaspersky Lab.
While the attacks have raised concerns for cyber authorities and end-users worldwide, they have helped cybersecurity stocks as investors bet governments and corporations will spend more to upgrade their defences.
If North Korea, believed to be training cyberwarriors at schools, is indeed responsible for the latest attack, Choi said the world should stop underestimating its capabilities and work together to think of a new way to respond to cyber threats, such as having China pull the plug on North Korea's internet.
WannaCry, developed in part with hacking techniques that were either stolen or leaked from the U.S. National Security Agency, has infected more than 300,000 computers since Friday, locking up their data and demanding a ransom payment to release it. President Donald Trump's homeland security adviser has a message to those blaming USA intelligence agencies for the cyberattack encircling the globe: Don't point a finger at the National Security Agency. People in at least 150 countries have been impacted and at least 200,000 machines infected.
He said based on his conversations with North Korean hackers, the reclusive state had been developing and testing ransomware programmes since August.
Cyber security researchers around the world have said they have found evidence that could link North Korea with the WannaCry cyberattack.
In 2013, networks of major South Korean banks and broadcasters were the victim of attacks traced to North Korea.
In Europe, stock markets were generally flat, although there were no hacker-linked disruptions in early trading. Among the hot stocks were firms selling online protection services.
In France, automaker Renault said one of its plants was closed on Monday as a "preventive step" while engineers looked at the fallout from the cyberattack.
"In this case, there is a fragment of the technology that was associated with Lazarus", Clark said.
"We are anxious about the smart guys realizing what worked and what didn't, and something else coming our way that might be a little better engineered", Symantec's Clark told CBS News.
In Japan, the government's Computer Emergency Response Team said as many as 2,000 computers at 600 companies were affected by the ransomware, and the government set up a new crisis management office to deal with cyberterrorism. Kaspersky said further research can be crucial to connecting the dots.. There were fears, however, that new versions of the worm, without this vulnerability, could eventually be released. Analysts at BBC said three accounts linked to the ransom demands suggested only about $38,000 had been paid by Monday morning.
Russian President Vladimir Putin, noting the technology's link to the US spy service, said it should be "discussed immediately on a serious political level".
The worm then is likely to have spread through a channel that links computers running Microsoft Windows in a network.