Security experts said they had uncovered evidence that the attack had been in the works since late last year. It was directed at the Pyeongchang Organizing Committee and incorporated code that was specifically designed to disrupt the Games or perhaps even send a political message.

“This attacker had no intention of leaving the machine usable,” a team of researchers at Cisco’s Talos threat intelligence division wrote in an analysis Monday. “The purpose of this malware is to perform destruction of the host” and “leave the computer system offline.”

In an interview, Talos researchers noted that there was a nuance to the attack that they had not seen before: Even though the hackers clearly demonstrated that they had the ability to destroy victims’ computers, they stopped short of doing so. They erased only backup files on Windows machines and left open the possibility that responders could still reboot the computers and fix the damage.

“Why did they pull their punch?” asked Craig Williams, a senior technical leader at Talos. “Presumably, it’s making some political message” that they could have done far worse, he said.

Talos’s findings matched those of other internet security companies, like CrowdStrike, which determined on Monday that the attacks had been in the works since at least December. Adam Meyers, vice president of intelligence at CrowdStrike, said his team had discovered time stamps that showed the destructive payload that hit the opening ceremony was constructed on Dec. 27 at 11:39 a.m. Coordinated Universal Time — which converts to 6:39 a.m. Eastern Time, 2:39 p.m. in Moscow and 8:39 p.m. in South Korea.