South Korean investigators attributed the Interpark breach and extortion case to North Korea’s Reconnaissance General Bureau after an employee PC was compromised via a spearphishing attachment, malware spread internally, and attackers reached systems used by personnel with access to customer-data databases. The intrusion involved internal reconnaissance, credential and access-control abuse, database theft, exfiltration through employee PCs, and extortion for financial gain, making it an early example of DPRK-linked operations combining personal-data theft with criminal monetization against a major Korean online service.