Hackers extracted lists of files from computers they contaminated with the virus that triggered cyber attacks in the United States and South Korea, say Seoul police.
The attacks, in which floods of computers tried to connect simultaneously to a single website to overwhelm the server, caused outages on prominent government-run sites in both countries.
The finding means hackers not only used affected computers for web attacks, but also tried to steal information from them. That adds to concern contaminated computers were ordered to damage their own hard disks or files after the web assaults.
Still, the new finding does not mean information was stolen from attacked websites, such as those of the White House and South Korea's presidential Blue House, police said. It also does not address suspicions about North Korea's involvement.
Police reached those conclusions after studying an analysis of about two dozen computers - a sample of the tens of thousands of the infected computers, said An Chan Soo, a senior cyber attack investigator. Only lists of files were extracted, not the files.
"It's like hackers taking a look inside the computers," An said. "We're trying to figure out why they did this."
File lists were sent to 416 computers in 59 countries, 15 in South Korea. Police have found lists in 12 receiver computers.