A large scale cyber-attack which hit 48,000 PCs and servers in South Korea has been linked back to Pyongyang, as tensions rise in the Korean peninsula.
The announcement of the findings by the Korean government on Wednesday comes just a day after North Korea warned all foreigners to leave the South immediately, hinting at an imminent nuclear war. The South responded on Wednesday, saying it had satellite imagery to prove North Korea was preparing to fire short-range missiles over the border.
The cyber-attack on 20 March hit three South Korean banks, knocking their systems offline for up to five days, as well as hitting three TV broadcasters and wiping data from PCs on their networks. In total 48,000 PC and servers were affected.
The South Korean government was initially wary of attributing blame to anyone, though all fingers immediately pointed towards Pyongyang. An early report linking an IP address in China with the attack fuelled speculation of the North's involvement, but this was subsequently retracted with the government watchdog admitting it had made a mistake.
Now however the results of an investigation by the Korea Internet Security Center at the state-run Korea Internet & Security Agency has linked the attack to six computers based in North Korea.
According to the investigation, the attack had been planned since last June and the six PCs involved had accessed servers in the South over 1,500 times, using IP addresses in other countries to hide the origin of the attack.
The investigators were able to identify 18 distinct pieces of malware (out of a total of 76) which were used in the attack that had been used in previous cyber-attacks by North Korea.
"An analysis of cyber terror access logs, malicious code and North Korean intelligence showed that the attack methods were similar to those used by the North's Reconnaissance General Bureau, which has led hacking attacks against South Korea," Lee Seung-won, an official at the Ministry of Science, ICT & Future Planning, said in a press conference according to the South Korean Yonhap News Agency.
As tensions ratchet up on the peninsula, the North will likely look to cyber-attacks to augment any physical attacks against the South, targeting critical infrastructure in a country which is one of the most connected in the world.
On the contrary North Korea is not connected at all, with its citizens having no access to the web and limited access to a state-run intranet. Reports suggest, however, the government in Pyongyang has assembled a team of 3,000 "elite hackers" in order to augment its military might.
In an apparent response to the cyber-attacks on South Korea, last week the North had its Twitter accounts hacked by Anonymous, and the hacktivist collective also claimed to have hacked into web and mail servers though there was scant evidence this had actually happened.