NotPetya was attributed to Russia. That answers an earlier question as well in case we're aware of these.
In terms of the vulnerability, I would turn that over to my Public Safety counterpart. We helped them develop the tool, but really the assessments, knowledge and information that's sent back from that would not be in our hands within the cyber centre.