North Korea's military is behind a series of cyber attacks against South Korean and U.S. websites that slowed or disabled access by saturating them with traffic this week, a South Korean news report said on Saturday.
The attacks on dozens of U.S. and South Korean government and business sites appeared to have all but ceased as of Friday but have crippled hundreds of personal computers that had been turned into zombies when they were enlisted for the attacks.
North Korea has been seen as a prime suspect for launching the attacks, although the isolated state was not named on a list by the South's Communications Commission (KCC) of sites from five countries where the attacks may have originated.
The No. 110 lab of the North's Ministry of People's Armed Forces, which is a team of hackers, was ordered to destroy the South Korean networks, the South's National Intelligence Service was quoted as telling a closed-door parliamentary briefing.
The secret unit has been adding computer specialists who work with the North's security apparatus in and outside the country including in China to wage a systematic cyber warfare, the spy agency was quoted as telling the briefing by the JoongAng daily.
If the North was responsible, it would mark an escalation in tensions already high from Pyongyang's nuclear test in May, a barrage of ballistic missiles in July and repeated taunts of long-time foes Seoul and Washington in its official media.
Internet access is denied to almost everyone in impoverished North Korea, a country that cannot produce enough electricity to light its cities at night. Intelligence sources say leader Kim Jong-il launched a cyber warfare unit several years ago.
But some analysts have questioned the North's involvement, saying it may be the work of industrial spies or pranksters.
The South's Communications Commission said there had been a sharp drop in traffic against target sites by Friday night which appeared to signal an end to the wave of attacks that first hit on a large scale on Tuesday.
The agency said 438 cases of personal computers have been reported destroyed by malicious software used in the attacks.
The attacks saturated target websites with access requests generated by malicious software planted on personal computers. This overwhelmed some targeted sites and slowed server response to legitimate traffic.
(Reporting by Jack Kim and Jeremy Laurence)