Microsoft slams US government for its part in WannaCrypt international cyberattack
- Monday, May 15th, 2017
Microsoft has fired criticism at the US government for its part in Friday’s massive cyberattack that hit more than 100 countries and affected more than 100,000 organisations including the UK’s National Health Service (NHS), telecoms giant Telefonica, car manufacturers Nissan and Renault, and courier delivery service FedEx.
The words from Microsoft follow the revelation that the malware used in the cyberattack relied on software from the National Security Agency (NSA) that had been stolen back in March. The ‘WannaCrypt’ software, a type of ransomware, locks up computers and demands a bitcoin payment for access to be regained. The ransomware uses EternalBlue, an exploit that spies used to break into Windows machines.
Following the theft of the exploit, Microsoft released a security update to patch the vulnerability; however, many computers remained unpatched and were hit as a result.
In a blog post, Microsoft’s president and CLO Brad Smith made it clear that Microsoft had done all it could, and turned his attention to the government and its secret services, calling out the organisations for their ‘stockpiling of vulnerabilities’ that are repeatedly leaked into the public domain. He also drew parallels between the government organisations and the criminals they are fighting.
“This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem,” Smith said. “We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage.
“An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action.”
Smith went on to suggest that governments need to ‘wake-up’ and take cyberspace as seriously as they take weapons in the physical world, and renewed calls for a ‘Digital Geneva Convention’ to prevent attacks of this scale in the future.