Security Advisory Distributed Following the Spread of New Ransomware (Midnight, Endpoint) Infections Targeting Domestic SMEs

2026-04-16 KRNPA Security advisory issued due to spread of new ransomware infections (Midnight, Endpoint) targeting domestic SMEs

https://www.police.go.kr/user/bbs/BD_selectBbs.do?q_bbsCode=1002&q_bbscttSn=20260416133126296


South Korean authorities warn that Midnight and Endpoint ransomware infections have been observed against domestic SMEs, especially manufacturers, with additional cases in retail, energy, and public-sector environments. The attackers first compromise IT system integration and maintenance providers, then abuse stolen information and trusted customer relationships to expand into client companies. The infection chain begins with malicious emails disguised as quotation requests, job applications, consulting discussions, or security guidance; opened attachments install remote-control malware and enable theft of internal and account data before ransomware deployment. The campaign uses double extortion by stealing data before encryption and threatening disclosure, with ransom demands reportedly around 1% of victim revenue. The advisory emphasizes email filtering, remote-access controls, MFA, credential hygiene, offline backups, script restrictions, and EDR/XDR coverage to reduce spread through supplier trust paths.
