SEOUL—A breach of South Korea’s military database by suspected North Korean hackers originated in compromised third-party cybersecurity software and was made possible by an unintended connection to the internet, according to people familiar with the attack.

The cyberassault in September last year, in which South Korean and U.S. military secrets were stolen, caught South Korean officials off guard, the people said, because it occurred within a military intranet believed to have been cut off from the internet and therefore protected from outside hacks.

The stolen classified military documents included a joint U.S.-South Korean plan detailing how to eliminate the Pyongyang leadership in the event of war, according to U.S. defense officials and a South Korean lawmaker. U.S. defense officials said they didn’t see any impact on potential future military operations.

To gain entry, North Korean hackers first attacked a Seoul-based firm, Hauri Inc., which makes the antivirus software installed on computers used by South Korea’s military, the people said. The hackers then embedded the malware onto the antivirus software, allowing North Korean operatives to infiltrate military servers.

The hack was possible because of a failure to remove a connector jack linking the military intranet to the internet after maintenance work at the South Korean military’s newly built database center, the lawmaker, Rhee Cheol-hee, said Wednesday.