A top cyber-security firm is investigating whether North Korea could be linked to attacks on banks in recent months.
Symantec said it had evidence that the same group attempted to steal money from a bank in the Philippines, one in Vietnam and Bangladesh's central bank.
It also said the rare malware deployed was similar to that used in the hacking of Sony Pictures in 2014.
The US government said North Korea was behind the Sony hack.
If North Korea is found to be behind the bank attacks, it would be the first time a country has been detected stealing money in a cyber-attack, Symantec's technical director Eric Chien told Reuters.
In February this year, hackers stole $81m (£55m) from the central bank of Bangladesh.
According to Symantec, it was the same group that attempted to steal $1m from the Tien Phong Bank in Vietnam and attacked a bank in the Philippines.
In addition, the code shares similarities with malware used by the group known as Lazarus, which has been accused of various attacks on the US and South Korea, including the attacks against Sony Pictures Entertainment.
On the internet, no-one knows if you are a dog and they have an equally difficult time working out what kind of cyber thief you are too.
It is common for online criminals to take attack code from other groups and bend it to their own malign purposes. They do it to cover their tracks and because what worked well against one target might work for them too.
That code-sharing is less true when it comes to nation-state attacks, which is why some security firms will name those they believe are behind these relatively rare intrusions. Typically the code used in these attacks is more about stealthy spying than outright theft, so is less useful to those after cash.
But that is not the case here as the code has been used to target bank networks and go after huge amounts of money. But it is difficult to be sure because code is code and once it is widely disseminated online it becomes harder to see who is behind the keyboard.