Following the attack on Sony Pictures in November, the US government was quick to point fingers at North Korean hackers. This is because the NSA has been tracking them with malware for years now, according to new reports.

Some were critical of how fast the US was to blame Pyongyang for the attacks that left Sony Pictures on its knees, but a new report from The New York Times suggests the National Security Agency had been secretly following the North Korean attackers in question from as early as 2010. The report, which cites various experts in the field along with leaked documents courtesy of infamous former NSA agent Edward Snowden, also brings new information on how the hackers pulled it off even though the US was apparently already watching.

Individuals close to the investigation say the hackers spent two months on Sony’s network without raising alarms due to the somewhat simple nature of the phishing scams used to obtain private credentials, among other things. The group was also able to acquire the credentials of a Sony system administrator without US agencies noticing, giving them free reigns to set up shop and carry out the attack.

Further evidence of Pyongyang’s involvement came earlier this month when the FBI said it could see the IP addresses were those used exclusively by the North Koreans, adding that at times they could even see them connect “directly.”  

Despite having proof of previous major attacks by North Korean hackers and being fully aware of its issues with “The Interview,” the US government failed to mention any suspicions during a June meeting with Sony Pictures, according to reports.