Analysts from security firms Symantec and Kaspersky revealed that they are looking into technical clues suggesting the Lazarus Group created the virus.
The ransomware - which encrypts victims' files then demands a fee to unlock them - left Britain's health service crippled as computer systems and phone lines across the country shut down on Friday.
The NHS is still struggling to get back on its feet following the attack, which means patients could have to wait a month or more to see a doctor after countless operations and appointments were cancelled.
More cyber attacks could be in the pipeline after the global havoc caused by the Wannacry ransomware, South Korean cybersecurity experts warned Tuesday as fingers pointed at the North.
More than 200,000 computers in 150 countries were hit by the ransomware attack, described as the largest ever of its kind, over the weekend.
Since Friday, banks, hospitals and state agencies have been among the victims of hackers exploiting vulnerabilities in older versions of Microsoft computer operating systems and demanding payment in the virtual currency Bitcoin.
The code used in the latest attack shared many similarities with past hacks blamed on the North, including the targeting of Sony Pictures in 2014 and the central bank of Bangladesh, said Simon Choi, director of Seoul internet security firm Hauri.
Choi, known to have vast troves of data on Pyongyang's hacking activities, has publicly warned against potential ransomware attacks by the North since last year.