South Korea's intelligence agency on Monday downgraded its alert against cyber attacks which had crippled numerous websites and in which North Korea was a suspect.
The National Intelligence Service (NIS) said in a statement that attacks were "fizzling out" and most of the targeted sites had normal traffic restored.
South Korean and US government and private websites were last week hit by waves of "distributed denial of service" attacks designed to swamp selected sites with traffic.
The attacks were brought under control after virus-infected "botnet" hosting servers were isolated and "vaccine" programmes were widely distributed to personal computer users.
The NIS said in a statement Sunday it has yet to be sure that North Koreans were behind the attacks but it sees them a prime suspect.
It told lawmakers in a closed-door briefing Friday that a North Korean military research centre called "Number 110" seems to have orchestrated the attacks, according to Yonhap news agency.
The army's general staff runs the centre which is a "well-trained unit for cyber attacks," legislators were reportedly told.
Yonhap, quoting an intelligence source, said on Sunday that North Korea had stolen personal data on at least 1.65 million South Koreans through hacking into various websites since 2004.
The North has staged a nuclear test and numerous missile launches in recent weeks, raising regional tensions. But a cyber attack, if confirmed, would be a new tactic.