A colossal cyberattack on Tuesday has been wreaking havoc on countries and corporations across the globe, and some cybersecurity experts are zeroing in on a familiar name as the possible culprit.

The attack, dubbed “Petya,” is a ransomware worm that has so far targeted, among others, Ukrainian banks and airports; Russian state-owned oil giant Rosneft; British advertising company WPP, US pharmaceutical giant Merck; and shipping company A.P. Moller-Maersk, which said every branch of its business was affected.

Analysts at several cybersecurity firms have confirmed that the Petya assault utilized a powerful and dangerous cyberweapon reated by the National Security Agency that was leaked in April by the hacker group Shadow Brokers.

Though it’s too soon to be certain, experts say it seems as though a confluence of factors may be pointing to Russian state involvement in carrying out the attack.