Banking operations at Nonghyup, a South Korean farm co-operative, were halted by the cyber intrusion, leaving customers unable to access their money.
The Seoul prosecutors' office called it "unprecedented cyber-terror deliberately planned" by North Korea.
It said the software used matched that used in earlier attacks by Pyongyang.
Prosecutors said that a laptop used by a subcontractor "became in September 2010 a zombie PC operated by the North, which... later remotely staged the attack through the laptop".
One of the Internet Protocol (IP) addresses used to break into Nonghyup's system was the same as one used in March for a distributed denial-of-service (DDoS) attack that originated in North Korea, they added.
The software used in the incident was also similar to that employed in July 2009, when a number of South Korean government websites were attacked, the prosecutors said.
The latest attack caused a three-day service outage at the bank - also called the National Agricultural Co-operative Federation - and caused the records of some credit card customers to be deleted.
South Korean media outlets have in the past accused North Korea of running an internet warfare unit aimed at hacking into US and South Korean government and financial networks.
The two Koreas technically remain at war following the 1950-53 Korean War, and tensions have been high in recent months in the wake of two deadly incidents.
South Korea blames North Korea for sinking its Cheonan warship in March 2010, with the loss of 46 lives, although North Korea denies any role in the incident.
Four South Koreans were also killed when North Korean troops shelled a border island in November 2010.South Korea has some of the most strict internet laws in the world, but that does not mean they are the best or the smartest. South Korea passed a myriad of internet laws around 2006 and none of them have been updated by lawmakers since. The internet evolves quickly and a lot of government agencies and businesses are being hampered by these laws to rely on outdated security software (like activeX plugin request) because that is what Korean law states they must use, even though it has become outdated and unsafe.