The Ministry of Science, ICT and Future Planning reported uncovering evidence linking the North Korean government to the signature malicious computer codes and an internet address used in the attacks mounted on the anniversary of the Korean War last month, in a report published Tuesday.
The campaign saw hackers target several government websites with denial of service (DoS) and defacement attacks. The attackers claimed to be operating as independent hacktivists, though this has been questioned.
Most recently security firm McAfee reported uncovering evidence suggesting that the attacks are part of a larger, sophisticated spying campaign that has been active since at least 2009, in its Dissecting Operation Troy: Cyber espionage in South Korea threat report.
Like the Ministry, the report cited similarities between the DarkSeoul attacks and malware used by a second team, operating under the New Romanic Cyber Army Team alias as proof the use of the Anonymous hacktivist banner was likely a smokescreen designed to fool law enforcement and governments about the true nature of the campaign.
However, unlike the Ministry, McAfee said even with this evidence it is still too early to know whether the North Korean government is behind the attacks.
Prior to the attacks on the government, DarkSeoul hackers also mounted sophisticated cyber attacks on several of the country's banks and broadcasters, crippling thousands of computers. This has increased political tensions between the North and South Korean governments, leading many security researchers to fear potential repercussions.