The cyberattack on Nonghyup was so severe that it paralyzed its banking network for a week, the Seoul Central District Prosecutors' Office concluded in its interim report on the event.
The attack was launched by the same group that hacked Web sites of government agencies and financial institutions in 2009 and last March, prosecutors said at a press briefing.
Prosecutors blamed North Korea's General Bureau of Reconnaissance, saying they reached their conclusion after analyzing 81 malignant codes. The information was found in the laptop of an IBM worker who was at Nonghyup's Information Technology center under an outsourcing contract.
The worker's laptop became a "zombie PC," the prosecution said. It was infected with malicious software and programmed to start the attack automatically.
"We found programming methods that were also detected in the previous two cyberattacks, such as the method of encoding the malicious commands," Senior Prosecutor Kim Yeong-dae said.
The system crash started April 12 and left customers of Nonghyup -- the National Agricultural Cooperative Federation -- unable to withdraw or transfer funds, use credit cards or take out loans. Also, customer data were lost and passwords were exposed.
It was three days before services were partially restored.
The bank, with around 5,000 branches, is struggling with more than 30,000 customer complaints and 1,000 compensation claims.
The attack on Nonghyup was similar to one in March, the prosecutor's office said. In particular, the Internet Protocol of a server used to control the zombie PC was identical to the one used in the distributed denial-of-service attack on the bank.
The March attack affected 30 government institutions and organizations but didn't damage or disrupt many computers. Distributed denial-of-service attacks overload sites with data causing them to break down or stop functioning.
The attackers reportedly injected malware into two peer-to-peer file-sharing Web sites, the National Police Agency said at the time.
Government ministries -- including defense and unification -- the National Assembly, a military headquarters, sites for U.S. armed forces in South Korea and major banks were among those hit in March.
The two biggest Internet portals of Naver and Daum, as well as major commercial banks such as Kookmin, Woori and Shinhan were targeted.
In last month's attack on Nonghyup, the prosecutor's office also noted poor attention to security management processes.
"We investigated the IT center entry records and surveillance camera recordings to see whether Nonghyup insiders conspired with the hackers but didn't find any noticeable evidence," Kim said.
"Workers were supposed to receive approval when taking computers in and out of the IT center and when taking one out, the computer should have been reformatted. But those in charge didn't.
"They also hadn't changed system passwords since last July, while they were supposed to do so every month," Kim said.