UPDATE (10 April): The South made its preliminary case today that a North Korean espionage agency was behind the 20 March cyber attacks. According to the South’s report, the North began preparing for the attack last June, with systems testing beginning in late February. Of the 76 types of malicious code used in the attack, 30 were similar to previous attacks by the North, and 22 of 49 IP addresses overlapped with previous addresses used during cyber attacks traced to the North since 2009.
UPDATE (22 March): The South’s communications commission issued an update today declaring the cyber attack started from an IP address at a domestic bank (Nonghyup), not a Chinese address, as they reported yesterday. Meaning, aside from an irritated China and embarrassed Korean bureaucrats, that the attack erupted from a domestic source. How the code was placed on that server, by whom, and how it spread is still under investigation – an investigation likely to be much more circumspect in placing blame during future announcements.