American Express customers trying to gain access to their online accounts Thursday were met with blank screens or an ominous ancient type face. The company confirmed that its website had come under attack.

The assault was just the latest in an intensifying campaign of unusually powerful attacks on U.S. financial institutions that began in September and have taken dozens of them offline intermittently, costing millions of dollars.

JPMorgan Chase was taken offline by a similar attack earlier this month. And last week, a separate, aggressive attack wiped data from South Korea's banks and television networks.

Corporate leaders long have feared online attacks aimed at financial fraud or economic espionage, but now a new threat has taken hold: attackers, possibly with state backing, who seem bent on destruction.

"The attacks have changed from espionage to destruction," said Alan Paller, director of research at SANS, a cybersecurity training organization. "Nations are actively testing how far they can go before we will respond."

Islamic group claims attack

Security experts who studied the attacks said it was part of the same campaign that took down the websites of JPMorgan Chase, Wells Fargo, Bank of America and others over the past six months. A group that calls itself the Izz ad-Din al-Qassam Cyber Fighters has claimed responsibility for those attacks.

Director of National Intelligence James Clapper

The group says it is retaliating for an anti-Islamic video posted on YouTube last fall. But U.S. intelligence officials and industry investigators say they believe that the group is a convenient cover for Iran.

Just how tight the connection is — or whether the group is acting on direct orders from the Iranian government — is unclear. Government officials and bank executives have failed to produce a smoking gun.

North Korea is considered the most likely source of the South Korean attacks, although investigators still are struggling to follow the digital trail, a process that could take months. The North Korean government of Kim Jong Un has declared openly that it is seeking out online targets in its neighbor to the south to exact economic damage.

Representatives of American Express confirmed that the company was under attack Thursday and said it was working to get its consumer banking site back online. An FBI spokesman did not respond Thursday to a request for comment about the American Express attack.

The largest contingent of instigators of attacks in the private sector, government officials and researchers say, remains Chinese hackers intent on stealing corporate secrets. But the U.S. and South Korean bank attacks underscore a growing fear that the two countries now worrying banks, oil producers and governments may be Iran and North Korea, not because of their skill, but because of their brazenness.

Neither country is considered a superstar in this area. But the appeal of digital weapons is similar to that of nuclear capability: It is a way for an outgunned, outfinanced nation to even the playing field. "These countries are pursuing cyberweapons the same way they are pursuing nuclear weapons," said James A. Lewis, a cybersecurity expert at the Center for Strategic and International Studies in Washington. "It's primitive; it's not top of the line, but it's good enough, and they are committed to getting it."

How to respond

U.S. officials currently are weighing their response options, but the issues involved are complex. At a meeting of banking executives, regulators and representatives from the Homeland Security and Treasury departments in December, some attendees pushed the United States to hit back at the hackers, while others argued that doing so only would lead to more aggressive attacks, according to two people at the meeting.

When hackers believed by U.S. intelligence officials to be Iranians hit the world's largest oil producer, Saudi Aramco, last year, they not only erased data on 30,000 Aramco computers; they replaced the date with an image of a burning U.S. flag. In the assault on South Korea last week, some affected computers displayed an ominous image of skulls.

"This attack is as much a cyber-rampage as it is a cyberattack," Rob Rachwald, a research director at FireEye, a computer security firm, said of the South Korea attacks.

In the past, such assaults typically occurred through a denial-of-service attack, in which hackers flood their target with Web traffic from networks of infected computers until it is overwhelmed and shuts down.

With their campaign against U.S. banks, the hackers suspected of being Iranian have taken that kind of attack to the next level. Instead of using individual personal computers to send Web traffic to each bank, they infected powerful, commercial data centers with sophisticated malware and instructed them to simultaneously fire at each bank, giving them the horsepower to inflict a huge attack.

As a result, the hackers were able to take down the consumer banking sites of American Express, JP Morgan Chase, Bank of America, Wells Fargo and other banks.