Defense Network

#DESERTWOLF • 2016-08

🇰🇷 Korea, Republic of

DESERTWOLF involved a compromise of South Korean defense-network systems after attackers abused weaknesses in the military internet antivirus system and distributed malware through an internet antivirus relay server. Investigators found malware on defense-network PCs, confirmed the theft of military materials, including classified information, and cited weak vulnerability management and improper internet-to-defense network connectivity. South Korean defense reporting assessed the activity as likely North Korean, and FSI later grouped DESERTWOLF within the Andariel/Rifle activity set.
