South Korean ‘Whois Team’ attacks

2013-03-20 Kaspersky

https://securelist.com/south-korean-whois-team-attacks/65106/

Multiple South Korean banks and broadcasting organizations were hit by loud defacement activity attributed in the source to attackers using the handle “Whois Team.” The defacement code exposed several whois.com-themed email aliases used by the attackers, while screenshots from victim machines indicated that Wiper-style malware was also deployed. The source explicitly says it cannot determine whether a nation state was behind the attacks, framing the activity instead as cyber-terrorism if no state sponsor is involved. The combination of public defacement, critical-infrastructure targets, and destructive malware made the incident operationally significant for defenders tracking disruptive attacks against South Korean organizations.
