Experts say there is little hard evidence to point to Pyongyang, but secretive state appears happy to stay on list of suspects

North Korea has refused to deny it was behind a cyber-attack a week ago that resulted in online leaks of several new Sony Pictures films, possibly in retaliation for a forthcoming Sony film depicting a fictional plot to assassinate Kim Jong-un.

The attack leaked at least five high-profile titles – the recently released Fury, as well as unreleased movies such as Still Alice, Annie and To Write Love on Her Arms – to file-sharing sites, and crippled the firm’s corporate email and other parts of its internal network.

It also appeared to leak the salaries and other confidential information of more than 6,000 employees, leaving the studio facing accusations of gender pay disparities among top executives. Sixteen of the 17 most highly paid executives are reportedly male.

The Interview, a comedy due for release next month about two journalists who are hired by the CIA to assassinate Kim, was not leaked. There has been speculation that the North, perhaps using hackers based in China, was trying to get its retaliation in early.

Despite reports that North Korea has assembled a sophisticated cyber-attack unit, and similarities between the Sony hack and a cyber-attack on South Korean banks and TV networks last year, experts say little hard evidence exists to point to the secretive state.

But North Korean officials appeared happy to let their country stay on the list of suspects. Asked whether Pyongyang was involved in the attack, a spokesman for North Korea’s mission to the UN accused “hostile forces” – usually a reference to the US, South Korea and Japan – of blaming everything on the North. But he added: “I kindly advise you to just wait and see.”

The FBI said it was investigating the hack and did not name any suspects.

Pyongyang reacted angrily when the Kim film’s plot became public this summer, and promised a “resolute and merciless” response unless the US banned it. North Korea’s ambassador to the UN, Ja Song-nam, called the movie “the most undisguised sponsoring of terrorism as well as an act of war”, in a letter to the UN secretary general, Ban Ki-moon.

Re/code, a technology news website, was the first to float the North Korea theory last Friday. Citing unnamed sources familiar with the matter, it said: “Sony Pictures Entertainment is exploring the possibility that hackers working on behalf of North Korea, possibly operating out of China, may be behind a devastating attack that brought the studio’s network to a screeching halt earlier this week … the sources stress that a link to North Korea hasn’t been confirmed, but has not been ruled out, either.”

Last week employees at Sony Pictures were greeted with an image of a red skull on their computer screens and the message “Hacked by #GOP” – thought to stand for Guardians of Peace. The screens then went dark.

After a week of using only pens, faxes and telephones employees returned to a semblance of normality on Monday when some computer systems were restored.

However the company faced embarrassment when Kevin Roose, a blogger for the news site Fusion, posted what appeared to be sensitive internal documents. An anonymous emailer sent him a link to a public Pastebin file containing 26 large archives, yielding an “insane” amount of information, said Roose.

One spreadsheet detailed employees names, job titles, home addresses, bonus plans, and current salaries. Of 17 Sony Pictures executives earning more than $1m only one, co-chair Amy Pascal, was female.

Hannah Minghella, the co-president of production at Sony’s separate Columbia Pictures division, was on track to earn $1.6m in 2014 but that was significantly less than the $2.4m for her co-president, Michael De Luca, who in theory has equal responsibilities.

The leak also included the script for an in-house Sony Pictures recruitment video and performance reviews for hundreds employees.

The company did not respond on Tuesday to Guardian requests to verify the information.

In a statement earlier this week it said it was trying to establish who was behind the attack. “The company has restored a number of important services to ensure ongoing business continuity and is working closely with law enforcement officials to investigate the matter,” it said.

It is not the first time North Korea has been accused of mounting cyber-attacks. While most ordinary North Koreans have no access to computers or the internet, the regime is thought to have committed vast resources to the development of a cyberwarfare unit.

Last year North Korean hackers were blamed for paralysing computer networks at three South Korean banks and the country’s two biggest TV networks. Some observers have noted that the methods used in that attack were similar to those used against Sony.

But Martyn Williams, of North Korea Tech, said that was where the similarities ended. In a blogpost on Tuesday, Williams lists several inconsistencies between the Sony incident and previous cyber-attacks linked to North Korea. They included the targeting of the Sony chief executive, Michael Lynton, on Sony Twitter accounts and the claim that the hack was carried out by the Guardians of Peace.

“Attacks linked to North Korea have never included these credits,” Williams said. “Of course none of these mean that the country is definitely not involved, but it seems possible that the story is too good to be true.”

In The Interview, which is due for release in the US on Christmas Day, Seth Rogen and James Franco play celebrity TV journalists who secure an exclusive interview with Kim and are then recruited by the CIA to kill him. A trailer of the film reveals a less than flattering portrayal of Kim, played by Randall Park, as an overweight cigar smoker.

Having once said he hoped Kim would like the movie, Rogen’s tone had hardened by last weekend. “I personally don’t care if [the film is] disrespectful to Kim because he’s evil. But that’s not the intent,” he tweeted on Sunday. “North Korea has produced tons of propaganda films that portray America’s destruction.”