South Korea said on Friday that an IP address identified as a source of a major cyber attack this week was not based in China as originally believed.
On Thursday, the regulatory Korea Communications Commission said it had traced the attack on South Korean banks and broadcasters to a Chinese IP address, firming suspicions that North Korea may have been responsible.
But further analysis by investigators from the Korea Internet and Security Agency (KISA) showed that it came from a computer in one of the targeted banks, and "coincidentally matched" a public address in China.
"We're still tracking some dubious IP addresses which are suspected of being based abroad," KISA vice president Lee Jae-Il told reporters.
"Keeping all kinds of possibilities open, we're making efforts to track down the hackers," he added.
The China connection announced on Thursday had fuelled speculation that North Korean hackers were involved.
Previous online attacks blamed on North Korea - including one last year on the computer network of the conservative JoongAng newspaper in Seoul - were tracked back to Chinese sources.
Security analysts in South Korea believe the North sends hackers to China to hone their skills and operate from there.
Wednesday's attack completely shut down the networks of TV broadcasters KBS, MBC and YTN, and halted financial services and crippled operations at three banks - Shinhan, NongHyup and Jeju.
The attack employed malware that can wipe the contents of a computer's hard disk as well as drives connected to the infected computer.