It has been concluded that North Korea was behind hacking attacks that paralyzed a variety of business and media entities on March 20th this year. Subsequent attacks against Daily NK and NKnet on March 26th followed an identical pattern, making it likely that the same people or organizations were responsible for all of them.

The March 20th attacks affected media companies KBS, MBC and YTN, as well as Nonghyup, Shinhan and Jeju banks.

In a briefing earlier today, a team consisting of civilian and government agencies such as the Ministry of Science, ICT and Future Planning, Ministry of National Defense, Financial Services Commission and the National Intelligence Service revealed the results of its investigation into the ‘3.20 Hacking,’ saying that the methods closely resemble those used by North Korea’s General Bureau of Reconnaissance in the past.

“Starting on June 28th last year, at least six PCs inside North Korea accessed financial companies on 1590 occasions, distributing malicious code and taking saved information,” Chun Kil Soo of the Korea Internet Security Agency explained, adding that on the next day after the attacks attempts were made to remove all incriminating evidence.

Among the evidence for high-level North Korean involvement, Chun noted that that 30 out of 76 pieces of malicious code used in the attacks had been seen before in attacks believed to have been the work of North Korea, while 22 of 49 infiltration routes were Internet addresses that North Korea has used in hacking projects since 2009.

It has also been confirmed that the malicious code used to hack Daily NK and NKnet was of the same type and origin as that used on March 20th. According to the investigation team, the same methods were also used during the DDoS attacks of July 7th 2009 and March 4th 2011.