RSupport

#RSupport • 2018-07

🇰🇷 Korea, Republic of

RSupport disclosed that one internal PC showed signs of malware infection and that a code-signing certificate used for file integrity verification may have been exposed, prompting revocation, replacement, and security-hardening measures with KISA support. Trend Micro’s Operation Red Signature reporting described a supply-chain compromise of a South Korean remote support provider’s update server in which attackers used a stolen code-signing certificate to sign malicious updates, deliver 9002 RAT to selected customer IP ranges, and deploy post-compromise tooling including Active Directory discovery, SQL password dumping, browser password recovery, Mimikatz activity, and IIS 6 WebDAV exploitation.
