States are increasingly willing to publicly attribute hostile cyber operations to other States. Sooner or later, such claims will be tested before an international tribunal against the applicable international law. When that happens, clear guidance will be needed on the methodological, procedural and substantive aspects of attribution of cyber operations from the perspective of international law. This article examines a recent high-profile case brought by the United States authorities against Mr Park Jin Hyok, an alleged North Korean hacker, to provide such analysis. The article begins by introducing the case against Mr Park and the key aspects of the evidence adduced against him. It then considers whether the publicly available evidence, assuming its accuracy, would in principle suffice to attribute the alleged conduct to North Korea. In the next step, this evidence is analysed from the perspective of the international jurisprudence on the standard of proof and on the probative value of indirect or circumstantial evidence. This analysis reveals the need for objective impartial assessment of the available evidence and the article thus continues by considering possible international attribution mechanisms. Before concluding, the article considers whether the principle of due diligence may provide an alternative pathway to international responsibility, thus mitigating the deficiencies of the existing attribution law. The final section then highlights the overarching lessons learned from the Park case for the attribution of cyber operations under international law, focusing particularly on States' potential to make cyberspace a more stable and secure domain through the interpretation and development of the law in this area.