CloudDragon's Campaign: VPN Zero-day Vulnerability + New Backdoor
2021-06-30 • Team T5 •
https://teamt5.org/en/posts/clouddragon-campaign-vpn-zero-day-vulnerability-new-backdoor/
TeamT5 identified two installers for a newly named backdoor, MemzipRAT, in activity attributed to CloudDragon and likely aimed at a South Korean aerospace-sector company. The target belongs to a major South Korean conglomerate with businesses spanning aerospace, chemicals, financial services, and IT, so a foothold there raises supply-chain concerns for its affiliates and partners. The excerpt states that CloudDragon has been accused of abusing VPN vulnerabilities against Korean government agencies and assesses that a new VPN vulnerability may also have enabled this intrusion; it does not identify the VPN product or the specific flaw. MemzipRAT takes its name from the string "get module from cmd memzip : %d" embedded in the PE files, but the excerpt does not detail the backdoor's full command set or its C2 infrastructure. The finding matters because VPN zero-day exploitation against a strategic South Korean enterprise could provide an entry point into connected corporate and sectoral environments.
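The one concrete indicator the excerpt gives is that embedded format string. As an added example (not TeamT5's tooling and not code from the original post), the following Python script turns it into a first-pass triage check: it confirms a buffer looks like a PE file, reports every offset of the marker, and walks a directory for hits. The PE samples it scans are constructed stand-ins, and the helper names and verdict labels are this example's own assumptions.

```python
"""String-based triage for PE files around the marker string the page
reports in MemzipRAT samples. Added example; not TeamT5 tooling."""
from __future__ import annotations

import re
from pathlib import Path

# Format string the page reports as embedded in the MemzipRAT PE files.
# It is matched exactly as stored, so the literal "%d" is part of the search.
MEMZIP_MARKER = b"get module from cmd memzip : %d"


def is_pe(data: bytes) -> bool:
    """Cheap PE sanity check: 'MZ' at offset 0 and 'PE\\0\\0' at e_lfanew."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def marker_offsets(data: bytes) -> list[int]:
    """Byte offsets of every occurrence of the marker in the buffer."""
    return [m.start() for m in re.finditer(re.escape(MEMZIP_MARKER), data)]


def classify(data: bytes) -> str:
    """Triage verdict for one file's contents (labels are this example's own).

    'memzip_marker_in_pe' - a PE carrying the marker: worth a full analysis.
    'marker_in_non_pe'    - marker present in something that is not a PE
                            (a memory dump, a dropped blob, this script).
    'clean'               - marker absent; says nothing about packed samples.
    """
    hits = marker_offsets(data)
    if hits and is_pe(data):
        return "memzip_marker_in_pe"
    if hits:
        return "marker_in_non_pe"
    return "clean"


def scan_tree(root: str) -> dict[str, str]:
    """Classify every regular file under root; return only non-clean files."""
    results: dict[str, str] = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            verdict = classify(path.read_bytes())
            if verdict != "clean":
                results[str(path)] = verdict
    return results


def build_sample_pe(payload: bytes) -> bytes:
    """Constructed stand-in for a PE file: MZ stub with e_lfanew=0x40,
    'PE\\0\\0' signature, 0x100 bytes of padding, then the payload.
    Enough for is_pe(); not a loadable binary."""
    dos_header = b"MZ" + b"\x00" * 0x3A + (0x40).to_bytes(4, "little")
    return dos_header + b"PE\x00\x00" + b"\x00" * 0x100 + payload


# Constructed samples (not real MemzipRAT binaries).
SAMPLE_HIT = build_sample_pe(b"\x00" * 16 + MEMZIP_MARKER + b"\x00" * 8)
SAMPLE_CLEAN_PE = build_sample_pe(b"get module from cmd : %d")
SAMPLE_NON_PE = b"notes\n" + MEMZIP_MARKER + b"\n"


if __name__ == "__main__":
    for name, blob in [("hit", SAMPLE_HIT), ("clean_pe", SAMPLE_CLEAN_PE),
                       ("non_pe", SAMPLE_NON_PE)]:
        print(f"{name}: {classify(blob)} offsets={marker_offsets(blob)}")
```

Treat a hit as a reason to look closer, not as attribution: a single plain-text format string is a weak indicator, it will not appear in a packed or encrypted sample until it is unpacked, and the same rule will match any file that merely quotes the string (including this script). Scanning process memory dumps rather than files on disk is the usual way around the packing gap.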