KrCERT published emergency threat mitigation guidance for OfficeKeeper servers after suspicious uploaded PHP files and abnormal storage behavior were identified. Administrators are advised to inspect /home/storage/ and OfficeKeeper storage paths for web shells such as ofk_storage1.php through ofk_storage9.php or grabberr.php, review access logs for abnormal IP activity, disable automatic backup exposure, restrict unauthorized access, and coordinate vendor patching.