TmaxTibero discovered a compromise of its customer support site only after notification from the Gyeonggi Nambu Provincial Police Agency’s security cyber investigation unit. Attackers reportedly replaced the Tibero 7 installer with a malicious file, creating a potential software supply-chain infection path for customers that downloaded what appeared to be legitimate DBMS software. The affected product is widely used across South Korean government agencies, public-sector organizations, and major enterprises, including more than 1,400 customers. The attackers also removed the malicious file and re-uploaded the legitimate installer, a tactic that could reduce detection and complicate incident scoping. The case is significant because a compromised installer for a high-share domestic DBMS could have exposed sensitive government and enterprise environments even though no customer-side intrusions had been confirmed at the time of the article.