Security researchers have flagged a possible link between North Korea and the massive cyberattack that hit at least 150 countries around the world.
Experts say it’s still far too early to say whether North Korea was behind the outbreak of ransomware attacks that has affected hundreds of thousands of computers since Friday.
But the secretive regime has been linked to other major hacking cases in the past.
Here are some of the most high profile examples:
Banks around the world
A group with ties to North Korea is thought to be responsible for a series of attacks on financial institutions.
The most brazen assault occurred in February 2016, when $101 million was fraudulently transferred out of the Bangladesh central bank’s account at the New York Federal Reserve and moved to Sri Lanka and the Philippines. Most of the funds have not been recovered.
Security researchers later established that similar tactics had been used to attack banks in Ecuador, the Philippines and Vietnam.
But that was only part of the picture: Researchers at cybersecurity firm Kaspersky Lab said in April that a hacking group — known as “Lazarus” — also attacked financial institutions in Costa Rica, Ethiopia, Gabon, India, Indonesia, Iraq, Kenya, Malaysia, Nigeria, Poland, Taiwan, Thailand, and Uruguay.
The Lazarus hackers carefully routed their signal through France, South Korea and Taiwan to setup their attack server, according to Kaspersky.
But researchers noticed one mistake: A connection that briefly came from North Korea.
A major attack on Sony Pictures brought the movie studio to its knees in 2014.
At the time, Sony (SNE) was about to release “The Interview,” a comedy about a plot to kill North Korean leader Kim Jong-Un.
Hackers stole movie scripts, entire films, internal memos and personal information on movie stars and Sony employees. Then they wiped computers.
Clues pointed to Lazarus, and the U.S. Federal Bureau of Investigation went on to conclude that North Korea was behind the breach.
In early 2015, the White House announced a new set of economic sanctions to penalize North Korea over its involvement. The measures targeted senior regime officials.
North Korea has denied it was behind the hack.
South Korean subway system and smartphones
While some of North Korea’s hacking activities appear to be motivated by its cash shortage or personal retribution, the regime also conducts more traditional attacks on its southern neighbor.
South Korea said in December that North Korea had hacked its military intranet and leaked confidential information.
Top South Korean government officials’ smartphones were also hacked in 2016, according to the country’s spy agency. Seoul accused North Korea of stealing text messages and voice communications by “sending enticing text messages.”
Pyongyang is also suspected of turning 60,000 computers in South Korea into “zombies,” or computers that have been compromised by hackers and can then be used for cyberattacks. South Korea’s spy agency estimated that Pyongyang took control of 10,000 computers in a single month in 2015.
In 2013, networks of major South Korean banks and broadcasters were the victim of attacks traced to North Korea.