This is the analysis report on the cases of the TTPs that the attackers use SMB/Admin Shares for Lateral Movement
You could find Korean version of the report here:
https://www.boho.or.kr/data/reportView.do?bulletin_writing_sequence=66830
You could find Korean version of the report here:
https://www.boho.or.kr/data/reportView.do?bulletin_writing_sequence=66830