South Korean judicial network reporting described a long-running breach of court systems in which North Korea-linked operators, later identified in several reports as Lazarus, compromised systems including Active Directory and internal servers and exfiltrated court data and documents. Follow-on investigations described PC compromise, C2 preparation before March 2021, credential and network reconnaissance, backdoors or malware on internal assets, and reported data-loss estimates ranging from hundreds of gigabytes to 1,014 GB.