In 2013, there were two major sets of cyberattacks on South Korean targets attributed to elements within North Korea.
This attack also came at a period of elevated tensions between the two Koreas, following Pyongyang’s nuclear test on 12 February.
[2] South Korean officials linked the incident to a Chinese IP address, which increased suspicion of North Korea as "[i]ntelligence experts believe that North Korea routinely uses Chinese computer addresses to hide its cyber-attacks.
"[3] It was later revealed that the IP address did not originate from China but from the internal network of one of the attacked organizations.
[10] [unreliable source] The website of the office for Government Policy Co-ordination and some media servers were affected as well.
[13] The Ministry of Science, ICT and Future Planning revealed on July 16 that both the March and June incidents corresponded with past hacking methods used by North Korea.
Investigators found that “an IP address used in the attack matched one used in previous hacking attempts by Pyongyang.”[15] Park Jae-moon, a former director-general at the Ministry of Science, ICT and Future Planning said, “82 malignant codes [collected from the damaged devices] and internet addresses used for the attack, as well as the North Korea's previous hacking patterns," proved that "the hacking methods were the same" as those used in the 20 March cyber attacks.
[19] The South Korean National Geographic published cyber terror as one of the top 10 keywords of 2013 due to these attacks.