Nonghyup Computer Network Paralysis Incident
2011-05-03 • Wikipedia • Nonghyup computer network paralyzed
South Korea's 2011 NHBank network outage involved large-scale destruction of server data that disabled some or all services for several days. Investigators said a Korea IBM maintenance employee's laptop was infected after using a web-hard download coupon, then attackers allegedly used it for seven months to steal administrator credentials, install keylogging and eavesdropping tools, and remotely execute deletion commands that damaged many servers. The prosecution attributed the operation to North Korea's Reconnaissance General Bureau, citing overlap with earlier DDoS malware patterns, an alleged shared command-server IP, and a MAC address tied to a known zombie PC list, but the excerpt also records substantial skepticism from security experts and media about whether those indicators proved attribution. The case matters for DPRK-focused tracking because it shows how a poorly secured third-party maintenance laptop, weak endpoint controls, outbound firewall gaps, and insufficient internal segmentation were presented as enabling a destructive attack on a major financial institution.