South Korea’s Defense Acquisition Program Administration confirmed that 10 internet-connected PCs were compromised in October 2018 and internal materials were leaked. An internal investigation report cited delayed response and poor awareness of a vendor administrator account in a data-storage prevention solution that became the intrusion path. The article says attackers understood that the solution temporarily encrypted and retained data for 30 days before deletion, and exploited that window. South Korean officials had not attributed the incident, while private security sources assessed that the hacking method resembled activity by North Korean hacker units.