North Korea was most likely behind the cyber attacks carried out between June 25 and July 1 this year on the websites of Cheong Wa Dae and the Office of Government Policy Coordination as well as multiple newspaper companies, the government said on Tuesday.

“North Korean IP addresses were found and the hacking methods, such as the same malware found in the past North Korean cyber attacks, are the same,” said Chun Kil-soo, the director of Internet Incident Response at the Korea Internet and Security Agency and Future Planning.

A number of government agencies including the Science Ministry, KISA the Defense Ministry and the National Intelligence Service had formed a joint response team following the cyber aggression to investigate the origins of the attacks.

According to the joint response team, the hackers had for months deliberately and strategically studied multiple vulnerable points of South Korea’s major domestic P2P service and web hosting firms.

As for the evidence that the attacks originated from North Korea, the joint response team indicated that North Korean IP addresses had been detected from the attacked servers.

Moreover, the team found the same type of malware and hacking methods that had been used in previous North Korean hacking attacks that had paralyzed main functions of more than 32,000 computers in major South Korean financial institutions and media companies in March this year.

According to the national cyber security comprehensive plan that the government announced earlier this month, various government agencies are in close cooperation in order to better protect cyberspace, the ministry said.

The government is also expected to encourage increased input from the private sector.

Out of 69 damaged institutions, 62 websites have been currently recovered to the normal level.

By Kwon Bum-joon (bjkwon@heraldcorp.com)