South Korea Probe Blames North for Cyber Attack

Researchers of Hauri, an IT security software company investigating computer viruses, talk at their lab in the company in Seoul, March 22, 2013.

A South Korean government investigation says North Korea's military spy agency is responsible for a cyber attack last month that shut down computers at several South Korean broadcasters and banks.

The South's Korea Internet and Security Agency (KISA) on Wednesday said the attack bore similarities to previous hacking attempts by Pyongyang's military-run Reconnaissance General Bureau.

Investigators said they traced the attack to six personal computers in North Korea, even though the hackers tried to disguise their origin by using Internet Protocol (IP) addresses in 40 different countries.

KISA said the North had previously used 22 of the locations during previous hacking attempts. It also said the attack employed malicious software previously linked to cyber attacks originating in the North.

A KISA spokesperson said the attack was "extremely carefully prepared."

"About the attack route, I think we can say that it is an Advanced Persistent Threat, which needs at least eight months of elaborate preparation," said the spokesperson.

The March 20 cyber attack affected 48,000 computers and servers, stalling operations at three top South Korean broadcasters and hampering financial services at banks for several days.

The news comes as North Korea wages daily threats of war against the U.S.-backed South. The North is angry at tightened United Nations sanctions on its nuclear program and Seoul's annual joint military drills with Washington.

North Korea is believed to have an elite cyber warfare unit that was suspected of being behind computer attacks on South Korean government agencies and financial institutions in 2009 and 2011.

Some information for this report was provided by AP and AFP.