A targeted Windows intrusion chain tied to SideCopy-style tradecraft shows how localized phishing, trusted system tools, and recycled RAT code can still threaten government finance operations.