Investigators want to know who launched the global WannaCry ransomware attack, and some experts think the group could be linked to North Korea.
A security researcher for Google appears to be the first to have noticed the link.
He found that computer code used in an early version of WannaCry matched code used by the Lazarus group, which has been tied to the North Korean government.
Lazarus is probably best known for hacking Sony Pictures in 2014 in an apparent protest against the movie "The Interview."
And last year, the group was accused of stealing $81 million from a bank in Bangladesh.
Just hours after the Google researcher's discovery, cybersecurity firms Kaspersky Lab and Symantec confirmed they also detected similarities in the codes.
But experts say it's too early to blame the WannaCry attack on North Korean hackers.
Computer codes are often shared among different groups, so the matching code isn't definitive proof Lazarus was behind the cyberattack.