A group calling itself the “Whois Team” has claimed credit for the attacks. The group defaced some disrupted websites with a message announcing that “This is the Beginning of our Movement” Attackers may have rented an inexpensive China-based botnet to target a pre-supplied list of South Korean IP or email addresses. Attackers could have chosen which of the compromised systems were in interesting companies, says Jaime Blasco at AlienVault Labs. The primary suspect is always North Korea, given tensions between the two neighbors, reports that North Korea has developed a cyberwarfare unit.”]
Source: https://www.darkreading.com/attacks-breaches/south-korea-bank-hacks-7-key-facts