While we initially thought this would be a silly and unsubstantiated discovery, the number of security firms claiming they've identified and confirmed connections between the WannaCry ransomware and malware used by the Lazarus Group has now gone up to three.
These somewhat crazy rumors started on Monday when Google security researcher Neel Mehta tweeted the MD5 hashes of two malware samples.
The hashes were for a sample of the WannaCry ransomware (early beta, released in February 2017) and the Contopee backdoor, previously attributed to the Lazarus Group.
If the name sounds familiar, it's because this is the codename given to a group of hackers responsible for the Sony hack, the SWIFT bank attacks, and the hacks of various other financial institutions across the world. Experts believe the group is based in North Korea and associated with the official government, mainly because of its historical focus on attacking South Korean organizations and state agencies.
Two days after Mehta's tweet, security firms such as Kaspersky Lab, Symantec, and BAE Systems have now put their full backing into claims that there might be a connection between North Korea's Lazarus Group and the WannaCry outbreak.
These companies make these connections based on some very skimpy claims, so they should not be taken as universal or conclusive proof that North Korea developed and released WannaCry.
According to the three companies, here is what they base their claims on: