South Korean police attributed the GhostRAT compromise of domestic conglomerate networks to North Korea, reporting more than 130,000 infected computers and malware capable of keystroke logging, host profiling, microphone recording, remote-session control, browser-favorite collection, driver installation, security-product interference, and follow-on payload download. The activity is also preserved in later Lazarus/Andariel-focused case-study material and FSI’s Rifle campaign archive, supporting the existing Andariel attribution for a Korea-focused espionage and defense-relevant intrusion.