South Korea is accusing North Korean spies of masterminding a series of high-profile cyber-attacks on its banks and television broadcasters in March.
Tens of thousands of computers were made to malfunction, disrupting work at banks and televisions in South Korea.
Investigators in Seoul said they had discovered some of the code involved was identical to that used in malware previously linked to Pyongyang.
The allegation adds to growing tension on the Korean peninsula.
On Tuesday North Korea told foreigners in the South to “work out measures for evacuation” to avoid becoming involved in a “thermonuclear war”.
Seoul’s foreign minister subsequently said that there was a “considerably high” risk that North Korea might fire a ballistic missile at it over the coming days.
North Korea has not commented on the cyber-attack accusation.
About 48,000 PCs and servers in South Korea were struck on March 20.
The assault shut down computer networks at TV stations KBS, MBC and YTN, and halted operations at three banks – Shinhan, NongHyup and Jeju.
Investigators in Seoul reported their initial findings suggested North Korea’s military-run Reconnaissance General Bureau had been responsible.
A spokesman announced that 30 out of 76 programs recovered from affected computers were the same as those used in previous strikes.
In addition he said that 22 of the 49 internet protocol (IP) addresses involved in the incidents matched those used in attacks blamed on North Korea over the past five years.
The recent assaults shortly followed a South Korea-US joint military exercise, but it was suggested they had been long in the planning.
“The attackers gained control of personal computers or server computers within the target organizations at least eight months ago,” a government statement reported in the Korea Herald said.
“After maintaining monitoring activities [they] sent out the command to delete data stored in the server, and distributed malware to individual computers through the central server.”
South Korea’s Financial Services Commission added that no bank records or personal data had been compromised.
Previous cyber-intrusions blamed on Pyongyang include attempts to block access to the website of South Korea’s presidential office and other government departments, and hacks of computers at Nonghyup bank and the Joonang Ilbo newspaper.
In turn, North Korea has accused both South Korea and the US of preventing users from being able to visit its official media sites – the Rodong Sinmun newspaper and the Korean Central News Agency (KCNA) – earlier this year.
It has led some commentators in the South to criticize the state of their cyber-defenses bearing in mind the public there is much more reliant on the internet than citizens in North Korea.
“South Korea cannot cope with unpredictable and sophisticated provocations from North Korea with a bureaucratic, rigid mindset,” wrote Chae In-taek in the Joonang Ilbo.
“National security cannot be assured through an outdated system. We must come up with an innovative security system fast.”