“This is of a different nature than past attacks,” one official said.

An attack that began by wiping out data on corporate computers — something that had been previously seen in South Korea and Saudi Arabia — had turned “into a threat to the safety of Americans,” the official said. But echoing a statement from the Department of Homeland Security, the official said there was no specific information that an attack was likely.

It is not clear how the United States determined that Mr. Kim’s government had played a central role in the Sony attacks. North Korea’s computer network has been notoriously difficult to infiltrate. But the National Security Agency began a major effort four years ago to penetrate the country’s computer operations, including its elite cyberteam, and to establish “implants” in the country’s networks that, like a radar system, would monitor the development of malware transmitted from the country.

It is hardly a foolproof system. Much of North Korea’s hacking is done from China. And while the attack on Sony used some commonly available cybertools, one intelligence official said, “this was of a sophistication that a year ago we would have said was beyond the North’s capabilities.”

It is rare for the United States to publicly accuse countries suspected of involvement in cyberintrusions. The administration never publicly said who attacked White House and State Department computers over the past two months, or JPMorgan Chase’s systems last summer. Russia is suspected in the first two cases, but there is conflicting evidence in the JPMorgan case.

But there is a long forensic trail involving the Sony hacking, several security researchers said. The attackers used readily available commercial tools to wipe data off Sony’s machines. They also borrowed tools and techniques that had been used in at least two previous attacks, one in Saudi Arabia two years ago — widely attributed to Iran — and another last year in South Korea aimed at banks and media companies.

The Sony attacks were routed from command-and-control centers across the world, including a convention center in Singapore and Thammasat University in Thailand, the researchers said. But one of those servers, in Bolivia, had been used in limited cyberattacks on South Korean targets two years ago. That suggested that the same group or individuals might have been behind the Sony attack.

The Sony malware shares remarkable similarities with that used in attacks on South Korean banks and broadcasters last year. Those intrusions, which also destroyed data belonging to their victims, are believed to have been the work of a cybercriminal gang known as Dark Seoul. Some experts say they cannot rule out the possibility that the Sony attack was the work of a Dark Seoul copycat, the security researchers said.