A North Korean hacking group is being investigated over the WannaCry ransomware attack - the biggest in history.
Internet security firms Symantec and Kaspersky say they are looking into clues suggesting the Lazarus group created the virus.
The attack has now snared up to 300,000 victims across more than 150 countries.
Experts say so far the attackers have made just over $70,000 in ransom payments.
But while it was a Microsoft software vulnerability that made the attack possible, the computer giant is pointing the finger at the US Government's National Security Agency.
It bounced around the world in the blink of an eye.
From China's main oil company, a hospital in Indonesia and Nissan in Japan, all the way to Germany's railroads and France's Renault car company.
The attack was made possible by a software vulnerability Microsoft has known about for months.
"Microsoft hasn't been supporting their decade-old systems like Windows XP and this attack took advantage of that," says computer science professor Avi Rubin.
But the software giant is now pointing the finger at the United States' National Security Agency.
That's because it was the NSA that originally identified the flaw, but lost it when hackers broke into its system.
Microsoft's president compared the scenario to the US military having some of its tomahawk missiles stolen.
A Seattle based cyber security expert agrees the NSA should've done more.
"They could possibly figure out when these vulnerabilities are going to be discovered or leaked and they could use that to alert the vendor before it gets out but it doesn't seem like that happened in this case," says Karl Koscher.
But the attack could've been much worse, had it not been for a modest British man who found the malware "kill switch".
Twenty-two-year-old IT expert Marcus Hutchins spotted a hidden web address in the WannaCry code, and for around $14 dollars registered its domain name.
That in turn redirected the attacks to the security company he works at, and kept the ransomware from escaping.
"We think there might be more domains out there that will sort of come around in the next few weeks, but this one i think is pretty much done and dusted," he says.
As for New Zealand, the Government's cyber security agency cert says there are only unconfirmed reports of local attacks but it has warned about an emerging phone scam - people ring claiming to be from Microsoft and offering ransomware support, but then trick you into installing malware onto your computer and then demanding payment to remove it.
Newshub.
