Seoul: Seoul's spy agency has identified a North Korean hacker who could be behind a series of cyber attacks on South Korea and the United States, a newspaper reported on Saturday.

The National Intelligence Service (NIS) has found an internet protocol (IP) address used by a North Korean whose family name is Yun, an unnamed government official told the Chosun daily.

The NIS was put on alert in January after the North was found to be stealing data from information technology research institutions using "distributed denial of service" (DDoS) attacks, the newspaper said.

Hackers this week planted viruses in thousands of personal computers in South Korea and overseas.

The newspaper reported that the North began DDoS attacks on a local network of the Korea Institute of Machines and Materials on June 30, and that the attacks were carried out by North Korean hackers in China's northeastern city of Shenyang.

"The NIS has long been tracking IP proxies used by North Koreans and it has learned of some IP proxies used by the North Korean (military) hackers' unit," the official was quoted as saying.

"The NIS bases its belief that the attacks were the North's work on this fact."

According to Yonhap news agency, the NIS on Friday told lawmakers in a closed-door briefing that a North Korean research centre called "Number 110" seems to have orchestrated the attacks.

The research centre, which comes under the wing of the General Staff of the People's Army, "is a well-trained unit on cyber attacks," the source told the news agency.

Meanwhile, some analysts have questioned the North's involvement, saying the attacks may be the work of industrial spies or pranksters.

The South's Communications Commission said there had been a sharp drop in traffic against target sites by Friday night, which appeared to signal an end to the wave of attacks that first hit on a large scale on Tuesday.

The agency said 438 cases have been reported of personal computers destroyed by malicious software used in the attacks.

The attacks saturated target websites with access requests generated by malicious software planted on personal computers. This overwhelmed some targeted sites and slowed server response to legitimate traffic.