South Korea's communications regulator says the cyberattack that paralyzed South Korean computer networks earlier this week might not have originated in China as originally believed.
South Korea's Communications Commissions initially said it had traced the source of the attack on three broadcasters and two banks to a Chinese Internet protocol (IP).
But on March 22 the Korea Internet and Security Agency (KISA) said further analysis showed the IP address was linked to a computer in one of the targeted banks and "coincidentally matched" a Chinese address.
"A malicious code seemed to be spread from [NongHyup Bank's] server and there were records of the server being accessed by someone at that time. So, we are sure that the computer was used for cyberattacks," KISA Vice President Lee Jae-il explained to reporters.
Lee admitted that "we were careless in our efforts to double-check and triple-check" evidence about the source of the attack in the immediate aftermath of the attack.
The Chinese link led to suspicions that North Korean hackers were behind the attack. In the previous attacks, Seoul accused North Korean hackers of using Chinese servers.
North Korea has threatened to attack Seoul and Washington after Pyongyang was hit by more UN sanctions for its February 12 nuclear test.
The cyberattack came as the South Korean and U.S. militaries conducted joint exercises in South Korea, which Pyongyang claimed were a rehearsal for an invasion.
The March 20 attack shut down Shinhan Bank as well the NongHyup Bank and left many ATMs around South Korea out of service.
Broadcasters KBS, MBC, and YTN were also hit.
South Korean authorities say they still cannot rule out any possibilities for the origin of the attack.
The country's Communications Commission said that an analysis of the malware and servers indicated the attack was orchestrated from abroad.
With reporting by Reuters, AP, and AFP