Seoul Metro disclosed that office PC management infrastructure for subway lines 1 through 4 had been compromised by an organization assessed by South Korea's National Intelligence Service as likely linked to North Korea's Reconnaissance General Bureau. Investigators found 58 infected PCs, abnormal access involving 213 PCs, loss of control over the PC management program server and webzine server, and exfiltration of 12 internal business documents during an exposure window believed to have lasted at least five months. The reported attack method was described as an APT technique similar to the 2013 intrusions against South Korean broadcasters and financial institutions, but the excerpt says the NIS had not definitively confirmed the initial compromise date or attacker. Seoul Metro said the affected systems were office PCs separated from train-control and signaling networks, then formatted 4,240 PCs and added monitoring, APT response, integrated log management, network separation, USB controls, and other security measures.