The nation’s largest banking network at Nonghyup has been normalized since Saturday after weeks of paralysis, which prosecutors suspect was caused by a cyber attack from North Korea.

South Korea’s prosecution reportedly said they found evidence of break-ins by Internet Protocol addresses similar to that of the hacker hired by North Korea for the 2009 cyber attack of the presidential office Cheong Wa Dae.

The Seoul Central District Prosecutors’ Office found evidence of the attack into the National Agricultural Cooperative Federation, or Nonghyup’s servers on a laptop owned by an IBM Korea employee and noted its similarities to the Cheong Wa Dae attack. They said some of the IP addresses were accessed from China, a pattern used by North Korea’s telecommunications ministry when it orchestrated the 2009 distributed denial-of-service, or DDoS, attack.

“We cannot set in stone that it is a North Korean attack, but that we found similar IP addresses from the IBM worker’s laptop that had installed pre-set “delete” commands to destroy the lender’s computer system,” the prosecutor’s office said.

Nonghyup’s system crashed on April 12 and left customers of the country’s largest banking group by number of branches unable to withdraw money, use credit cards or apply for loans for 18 days. Withdrawal and transfer services were operational again as of Tuesday but other services including credit card operations were normalized only Saturday.

The incident caused 310,000 customers to file complaints and nearly 1,000 called for compensation. The weeks-long paralysis also temporarily removed the records of some of lenders’ 5.4 million credit card customers, leaving them unable to process simple transactions.

Nonghyup pledged full compensation for losses incurred by customers and emphasized that no personal data was leaked in the process.

By Cynthia J. Kim (cynthiak@heraldcorp.com)