South Korean officials say a cyber attack that shut down computers at several of the country's top banks and broadcasters originated in China.
The Korea Communications Commission on Thursday said an initial investigation revealed that a Chinese IP address created the malicious code in a server of one of the affected banks, Nonghyup Bank.
But the commission stressed that this does not confirm who was behind the attack, saying it could have been launched in another country and made to appear to come from China.
South Korean Defense Ministry spokesperson Kim Min-seok suggested the culprit is North Korea, which in the past is believed to re-route cyberattacks on Seoul through Chinese addresses.
"When [the hacker] turns out to be North Korea, both the South Korean government and the South Korean military will respond. However, it is not confirmed at the moment," said Kim.
South Korea's Yonhap news agency also quoted an unidentified high-ranking official in the presidential office as saying that Seoul bears a "strong suspicion" that North Korea conducted the attack.
The attack Wednesday paralyzed computers at television broadcasters YTN, MBC, and KBS, as well as two commercial banks, Shinhan Bank and Nonghyup Bank.
The Korea Internet Security Agency says it would take at least five days to fully restore the functions of the at least 32,000 computers that were affected by the attack.
South Korea's military raised its alert level following the attack, though the military was not targeted.
Jason Healey of the Atlantic Council says such attacks tend to happen when tensions between the two Koreas are high, as has been the case in recent weeks.
"A few of us had been warning as early as last week that this was … that this kind of attack on South Korea would be likely since the North Koreans have been quite belligerent lately and even renounced the armistice with South Korea and the United States," he said. "The North Koreans are always wanting to be about bad behavior and intensification of their tantrums, so it’s entirely possible that this was North Korea.”
Another Washington-based cyber analyst, Jessica Herrera-Flanigan of the Monument Policy Group, says North Korean involvement in the attack would not be surprising.
She also said South Koreans who are sympathetic to the North's government could have carried it out.
"Broadcasters are an easy target because they carry news, they carry information, and we’ve seen those types of cyber attacks increasingly occurring," she said. "Banks, it’s a disruption of the economic system, and it’s a statement about the economic system and trying to attack those systems.”
North Korea has used increasingly violent rhetoric against the U.S.-backed South in recent weeks, threatening to wage all-out war after the United Nations passed sanctions in response to the North's latest nuclear test.
Pyongyang is believed to have an elite cyber warfare unit that was reportedly behind computer attacks on South Korean government agencies and financial institutions in 2009 and 2011. South Korea's military said it was not affected by the outage.
Wednesday's attack came just days after North Korea accused the United States and South Korea of launching a computer attack on some of its websites, which suffered a prolonged outage last week.