Microsoft Corp. said that the software tool used in the global cyber assault that began Friday came from code stolen from the U.S. National Security Agency, adding that the attack should serve as a wake-up call for governments over the risks of hoarding such digital weapons for use against their enemies.
The software giant’s statement is the most authoritative confirmation so far of the connection between the Friday attack and attack code that was disclosed in April by an anonymous group called Shadow Brokers, which said it had obtained it from the NSA. The U.S. spying agency has declined to comment on the matter.
Read: 4 tips to protect yourself from becoming a ransomware victim
In a blog post Sunday, Brad Smith, Microsoft MSFT, -0.12% president and chief legal officer, said that the U.S. espionage agency authored the software that was eventually stolen and made its way into the hands of hackers who used it in the assault that has disrupted computers in at least 150 countries. He compared it to disclosure of hacking tools in March by the WikiLeaks organization, which said it had obtained them from the Central Intelligence Agency.
“Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage,” Smith wrote. “An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen.”
An expanded version of this report appears on WSJ.com.
Also popular on WSJ.com:
Former employees of Donald Trump say they saw him tape conversations.
Apple’s new headquarters is a sign of tech’s boom, bravado.