U.S. officials have been confident in pinning the blame on North Korea for last fall’s devastating cyber-attack on Sony Pictures Entertainment because the National Security Agency had been closely monitoring the communist country’s computer systems for several years, according to a New York Times report.

As far back as 2010, the NSA broke into Chinese networks that connect North Korea to the Internet and placed software on systems to track many of North Korea’s army of cyber-attackers, which South Korea has said amounts to about 6,000 individuals, the Times reported, citing unnamed officials.

Using evidence gathered from that program, which originally focused on the North’s nuclear program, U.S. intelligence officials were able to convince President Obama that the North Koreans were in fact responsible for the attack on Sony. As a result, the White House earlier this month issued new sanctions against the country.

Some information-security experts have questioned the U.S.’s claims that North Korea was responsible for the Sony attack. At least one firm claimed it found evidence pointing to a former SPE employee with the technical background and knowledge to help carry out the attack.

But if NSA officials were monitoring North Korea closely, the question is why they didn’t detect the looming attack on Sony, which took more than two months of careful planning, according to the Times. The reason is that the initial attacks did not look suspicious, according to the report, with investigators only later discovering that North Korean hackers had stolen a Sony systems administrator’s log-in credentials to gain access to the studio’s systems.

According to U.S. officials, North Korea launched the cyber-attack on Sony in retaliation for the studio’s film “The Interview,” a comedy starring James Franco and Seth Rogen in which two American journalists carry out the assassination of North Korean leader Kim Jong-un.