Officials from the Republic of Korea are saying North Korea’s militarySouth Korea intelligence agency was responsible for the mid-March malware attacks that knocked several prominent South Korean banks and broadcasters offline, according to a Dow Jones Newswire report.

The South Korean Science Ministry reportedly found similarities between this attack and previous ones known to emanate from the north. Furthermore, the report claims that investigators managed to trace the attack, which was routed through machines in a number of nations in an attempt to cloak its origin, back to machines located in the People’s Democratic Republic of Korea.

“We have a lot of evidence to show the North’s Reconnaissance General Bureau led the attack,” Chun Kil-soo, a Korea Internet and Security Agency spokesperson, told the Dow Jones Newswire.

In the days following the hacking incident, a number of speculative narratives emerged regarding the origins of the attack. The use of the Wiper malware, which had been previously deployed in a nation-state attack against the petroleum giant Saudi Aramco in August 2012, suggested that this attack was either launched by the same state-backed group or that hacktivists saw what happened to Saudi Aramco and borrowed the malware for their own attack.

Some too blamed China, because an initial investigation, first reported by CNN, pinned the attack to machines with Chinese IP addresses. It is possible, probable in fact given the latest reports, that these machines were proxies through which the North routed its attack.

Researchers at F-Secure later announced that their own investigation revealed that the wiper infections and eventual network outages were the fruits of a spear-phishing campaign.

The South’s accusation comes amid rising tensions on the Korean Peninsula. At this point, it’s impossible to tell who’s provoking whom, but it seems that every day North Korea threatens South Korea and its allies with nuclear strikes while South Korea and the U.S. continue increasing the frequency and intensity of military exercises on the peninsula.

Categories: Government, Malware