By April 2024, South Korean police and partner agencies reported broad North Korea-linked intrusions against domestic defense contractors and less-secure partner companies, attributed to groups including Lazarus, Andariel, and Kimsuky. The attackers sought South Korean defense technology by compromising contractor and supplier systems, stealing server account credentials, accessing important servers without authorization, and deploying malware. Authorities cited attacker IPs, relay infrastructure, and malware evidence, and conducted joint inspections and protective measures for affected firms.