A Korean security firm reported that a suspected nation-state hacking group stole a product code-signing certificate, creating a supply-chain risk because signed malware can appear to be legitimate software and bypass some security controls. The source says Somansa notified customers, worked with KISA from early February, and began re-signing packages with a new certificate while investigators assessed the incident. The article frames the case against earlier North Korea-linked certificate theft incidents and warns that code-signing compromise at security vendors can amplify downstream exposure even when secondary damage is contained.