Jon Swartz

USA TODAY

SAN FRANCISCO — The National Security Agency has an answer to Microsoft blaming it for a global ransomware attack.

In a White House press briefing on Monday, U.S. homeland security adviser Tom Bossert said the code "was not a tool developed by the NSA to hold ransom data. This was a tool developed by culpable parties, potentially criminals or foreign nation-states."

He did not address the issue of whether the original exploitable flaw the ransomware was based on came from NSA cyber tools.

How U.S. dodged a bullet in Friday's massive global ransomware attack

Microsoft on massive ransomware attack: nations must not hoard cyberweapons

Symantec later said there were indications the ransomware-inspired attack was associated with the Lazarus group, which is tied to North Korea.

On Sunday, the software giant said the WannaCry malware program that spread to more than 200,000 machines in 150 countries last weekend was the latest example of what happens when vulnerabilities stockpiled by organizations such as NSA escape into the virtual wild. The malware behind WannaCry was reported to have been stolen from the NSA in April.

"We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world," Brad Smith, Microsoft's chief legal counsel, said in a blog post. "Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage."

The ransomware relies on a flaw in the Windows 10 code for which Microsoft issued a patch on March 14.