A program implemented by the National Security Agency to help the U.S. and its allies track the computers and networks used by North Korean hackers was critical in gathering information that led Washington to conclude Pyongyang was behind last year's cyberattack on Sony Pictures.
The New York Times first reported that the NSA began placing malware in North Korean systems in 2010. Originally, the purpose of the surveillance was to gain insight into North Korea's nuclear program, but the focus shifted after a large cyberattack on South Korean banks and media companies in 2013.
Fox News has confirmed that investigators have since concluded that the hackers spent more than two months last fall mapping Sony's computer systems and planning how to attack it.
In the case of the Sony Pictures hack, which knocked nearly the entire company's system offline, investigators believe that the North had stolen the "credentials" of a Sony systems administrator, which enabled them to familiarize themselves with Sony's network and plot how to destroy its files and systems.
The office of Director of National Intelligence James Clapper would not speak directly to the report, but said in a statement on Monday:
"The [US intelligence community] has been tracking North Korean intrusions and phishing attacks on a routine basis. While no two situations are the same, it is our shared goal is to prevent bad actors from exploiting, disrupting or damaging U.S. commercial networks and cyber infrastructure. When it becomes clear that cyber criminals have the ability and intent to do damage, we work cooperatively to defend networks."
The attacks themselves, which Sony first reported to the FBI Nov. 24, are widely considered to be in retaliation for the release of "The Interview," a comedy that features an assassination attempt against Kim Jong-un. Pyongyang has repeatedly denied any involvement in the Sony hack.
Skeptics have cast doubt on the official story that North Korea was behind the Sony hack, with many suggesting a disgruntled current or former Sony employee was responsible. Earlier this month, FBI director James Comey said U.S. investigators were able to trace emails and Internet posts sent by the Guardians of Peace, the group behind the attack, and link them to North Korea.
Comey said most of the time, the group sent emails threatening Sony employees and made various other statements online using proxy servers to disguise where the messages were coming from. But on occasion, he said, they connected "directly," enabling investigators to "see that the IP addresses that were being used to post and to send the emails were coming from IPs that were exclusively used by the North Koreans."
A senior military official told The Times that the evidence against North Korea that was presented to President Obama was so compelling that he "had no doubt" the Communist regime was responsible. The White House has imposed new economic sanctions against North Korea as a response to the cyberattack.
The Times report quotes a North Korean defector as saying that country's military first displayed interest in hacking in 1994, when it sent 15 people to a Chinese military academy to learn the practice. Two years later, the Reconnaissance General Bureau, Pyongyang's primary intelligence service, created Bureau 121, a hacking unit that has a substantial representation in the northeast Chinese city of Shenyang.
South Korea's military claims that the North has a staff of 6,000 hackers dedicated to disrupting the South's military and government. That estimate is more than double an earlier projection made by that country's Defense Ministry.
Fox News' Catherine Herridge contributed to this report.