PC infiltration → foothold acquisition → data exfiltration… North Korea's court hacking methods

2024-07-31 Chosun

https://www.chosun.com/national/court_law/2024/07/31/AQW324ZTRNCZHE24QMSMNW3GRE/

Chosun reported on an SK Shieldus investigation into the South Korean court network breach attributed in the article to Lazarus, describing a multi-stage intrusion from initial PC compromise to long-term data exfiltration. The attackers allegedly used watering-hole or phishing techniques to infect court systems, established C2 infrastructure before March 2021, gathered account and network information, and deployed backdoors or malware on internal servers and PCs. Investigators identified at least 369 GB of data exfiltrated from internal servers to external-network PCs and about 53.5 GB downloaded directly from servers or workstations, while a government investigation had reported total damage of 1,014 GB.
