North Korea is to blame for last month's cyberattacks on the websites of South Korean media companies and the president and prime minister's offices, a South Korean investigation has concluded.
South Korea's ministry of science said it was blaming North Korea based on analysis of codes, internet addresses and personal computers used to launch the attacks. The attacks occurred on June 25, the 63rd anniversary of the beginning of the Korean War.
It is the latest of several cyberattacks in recent years that Seoul has blamed on North Korea. Pyongyang has denied previous claims and has accused the US and South Korea of a cyberattack in March which shut down its own websites for two days.
The South Korean government-led team of investigators said the online assaults were planned for several months, and the attackers hacked file-sharing websites in South Korea to find security weaknesses.
Local media reported that the personal information of millions of people was stolen from the presidential office's website and the ruling party. Investigators said they managed to recover data on the hard drives that the attackers destroyed on June 25 and found an internet protocol address which was used by North Korea.
They also found that the codes used in the June attacks had the same features as the codes used in the larger cyberattacks on March 20 which shut down tens of thousands of computers at South Korean broadcasters and banks.
The attackers tried to hide their identities by destroying hard drives and disguising the onternet protocol addresses they used, the ministry said. It said the June 25 attacks hit 69 government and private companies' websites and servers.
Earlier this month, cybersecurity firms said the hackers behind the March attacks also have been trying to steal South Korean and US military secrets with a malicious set of codes they have been sending through the internet for years. They did not specifically blame North Korea.
Researchers at McAfee Labs, based in Santa Clara, California, said the malware was designed to find and upload information referring to US forces in South Korea, joint exercises or even the word "secret".
McAfee said versions of the malware have infected many websites in an ongoing attack that it calls Operation Troy because the code is peppered with references to the ancient city. McAfee said that, in 2009, malware was implanted into a social media website used by military personnel in South Korea.