The WannaCry ransomware attack that started Friday and infected hundreds of thousands of computers has been linked to hackers aligned with North Korea, according to cybersecurity researchers. However, the evidence is not conclusive.

Researchers are keen to point out that more investigation is needed before any definitive conclusions can be drawn. The Guardian notes: “Shared code doesn’t always mean the same hacking group is responsible – an entirely different group may have simply reused Lazarus group’s backdoor code from 2015 as a ‘false flag’ to confuse anyone trying to identify the perpetrator. However, the reused code appears to have been removed from later versions of WannaCry, which according to Kaspersky gives less weight to the false flag theory.”