The Case for N. Korea’s Role in Sony Hack
2014-12-23 • Krebsonsecurity
https://krebsonsecurity.com/2014/12/the-case-for-n-koreas-role-in-sony-hack/
Evidence cited in the Sony Pictures discussion ties the 2014 destructive intrusion to earlier North Korea-linked operations against South Korean banks, broadcasters, military-related networks, and U.S. government websites. The excerpt highlights Dark Seoul wiper malware that overwrote hard-drive sections with strings such as “hastati” and “principes,” along with defacement messages attributed to NewRomanic Cyber Army Team and Whois Team that resembled the Sony warning imagery. McAfee’s analysis is described as finding that Dark Seoul targets were likely compromised at least two months before destruction through a spear-phishing-delivered remote access Trojan, and that the wiper was part of a longer espionage campaign active since 2009 against South Korean assets. CrowdStrike is quoted as assessing infrastructure and malware overlap between Sony, Dark Seoul, and prior South Korean and U.S. government/military targeting, while noting the difficulty of attributing North Korean cyber activity because of the country’s limited public Internet footprint.