Hacker News



There is essentially no useful information in that summary which could be used to draw independent conclusions.


There's certainly some missing evidence in the FBI report. Regarding the IPs used, please have a read here: http://krypt3ia.wordpress.com/2014/12/20/fauxtribution/


FWIW the CERT ('US Computer Emergency Readiness Team') report on the 19th [1] delves a bit deeper into the exploit methods.

If you search for the MD5 hashes of the code you can find code snippets and incidents where such code was used in the past (hacking attempts at DHS, etc). Even though none of these were '0-days' or written by those with ties to NK, the attribution seems to be based on such code reuse.

[1] https://www.us-cert.gov/ncas/alerts/TA14-353A



