South Korea is world-famous for its blazing-fast web, near-universal broadband protection, and as a frontrunner in digital innovation, internet hosting world tech manufacturers like Hyundai, LG, and Samsung. However this very success has made the nation a main goal for hackers and uncovered how fragile its cybersecurity defenses stay.
The nation is reeling from a string of high-profile hacks, affecting bank card corporations, telecoms, tech startups, and authorities businesses, impacting huge swathes of the South Korean inhabitants. In every case, ministries and regulators appeared to scramble in parallel, typically deferring to 1 one other somewhat than transferring in unison.
Critics argue that South Korea’s cyber defenses are hindered by a fragmented system of presidency ministries and businesses, usually leading to gradual and uncoordinated responses, per native media reviews.
With no clear authorities company appearing as “first responder” following a cyberattack, the nation’s cyber defenses are struggling to maintain tempo with its digital ambitions.
“The federal government’s method to cybersecurity stays largely reactive, treating it as a disaster administration challenge somewhat than as essential nationwide infrastructure,” Brian Pak, the chief government of Seoul-based cybersecurity agency Theori, informed TechCrunch.
Pak, who additionally serves as an advisor to SK Telecom’s dad or mum firm’s particular committee on cybersecurity improvements, informed TechCrunch that as a result of authorities businesses tasked with cybersecurity work in silos, creating digital defenses and coaching expert staff usually get ignored.
The nation can be going through a extreme scarcity of expert cybersecurity consultants.
“[That’s] primarily as a result of the present method has held again workforce improvement. This lack of expertise creates a vicious cycle. With out sufficient experience, it’s unimaginable to construct and keep the proactive defenses wanted to remain forward of threats,” Pak continued.
Political impasse has fostered a behavior of looking for fast, apparent “fast fixes” after every disaster, mentioned Pak, all of the whereas the tougher, long-term work of constructing digital resilience continues to be sidelined.
This yr alone, there was a serious cybersecurity incident in South Korea virtually each month, additional mounting considerations over the resilience of South Korea’s digital infrastructure.
January 2025
- GS Retail, the operator of comfort shops and grocery markets throughout South Korea, confirmed a knowledge breach that uncovered the private particulars of about 90,000 clients after its web site was attacked between December 27 and January 4. The stolen data included names, beginning dates, contact particulars, addresses, and e mail addresses.
February 2025
April and Might 2025
- South Korea’s part-time job platform Albamon was hit by a hacking assault on April 30. The breach uncovered the resumes of greater than 20,000 customers, together with names, telephone numbers, and e mail addresses.
- In April, South Korea’s telecom big SK Telecom was hit by a serious cyberattack. Hackers stole the private knowledge of about 23 million clients — practically half the nation’s inhabitants. A lot of the aftermath of the cyberattack lasted by way of Might, through which tens of millions of shoppers had been provided a brand new SIM card following the breach.
June 2025
- Yes24, South Korea’s on-line ticketing and retail platform, was hit by a ransomware assault on June 9, which knocked its companies offline. The disruption lasted for about 4 days, with the corporate again on-line by mid-June.
July 2025
- In July, the North Korea-linked Kimsuky group launched a cyberattack on South Korean organizations, together with a defense-related establishment, this time utilizing AI-generated deepfake photographs.
- A North Korea-backed hacking group, Kimsuky, used AI-generated deepfake photographs in a July spear-phishing try in opposition to a South Korean army group, based on Genians Safety Heart. The group has additionally focused different South Korean establishments.
- Seoul Assure Insurance coverage (SGI), a Korean monetary establishment, was hit by a ransomware assault round July 14, which disrupted its core methods. The incident knocked key companies offline, together with the issuing and verification of ensures, leaving clients in limbo.
August 2025
- Yes24 confronted a second ransomware assault in August 2025, which took its web site and companies offline for just a few hours.
- Hackers broke into South Korean monetary companies firm Lotte Card, which points credit score and debit playing cards, between July 22 and August. The breach uncovered round 200GB of information and is believed to have affected roughly 3 million clients. The breach remained unnoticed for about 17 days, till the corporate found it on August 31.
- Welcome Monetary: In August 2025, Welrix F&I, a lending arm of Welcome Monetary Group, was hit by a ransomware assault. A Russian-linked hacking group claimed it stole over a terabyte of inner recordsdata, together with delicate buyer knowledge, and even leaked samples on the darkish net.
- North Korea-linked hackers, believed to be the Kimsuky group, have been spying on overseas embassies in South Korea for months by disguising their assaults as routine diplomatic emails. Based on Trellix, the marketing campaign has been energetic since March and has focused not less than 19 embassies and overseas ministries in South Korea.
September 2025
- KT, one in all South Korea’s greatest telecom operators, has reported a cyber breach that uncovered subscriber knowledge from greater than 5,500 clients. The assault was linked to unlawful “faux base stations” that tapped into KT’s community, enabling hackers to intercept cellular site visitors, steal data like IMSI, IMEI, and telephone numbers, and even make unauthorized micro-payments.
In mild of the current surge in hacking incidents, the South Korean Presidential Workplace’s Nationwide Safety is stepping in to tighten defenses, pushing for a cross-ministerial effort that brings a number of businesses collectively in a coordinated, whole-of-government response.
In September 2025, the Nationwide Safety Workplace introduced that it might implement “complete” cyber measures by way of an interagency plan, led by the South Korean president’s workplace. Regulators additionally signaled a authorized change giving the federal government energy to launch probes on the first signal of hacking — even when corporations haven’t filed a report. Each steps purpose to deal with the shortage of a primary responder that has lengthy hindered South Korea’s cyber defenses.
However South Korea’s fragmented system leaves accountability weak, putting all authority in a presidential “management tower” may danger “politicization” and overreach, based on Pak.
A greater path could also be stability: a central physique to set technique and coordinate crises, paired with unbiased oversight to maintain energy in verify. In a hybrid mannequin, professional businesses like KISA would nonetheless deal with the technical work — simply with extra simple guidelines and accountability, Pak informed TechCrunch.
When reached for remark, a spokesperson for the South Korea’s Ministry of Science in ICT mentioned the ministry, with KISA and different related businesses, is “dedicated to addressing more and more subtle and superior cyber threats.”
“We proceed to work diligently to reduce potential hurt to Korean companies and most of the people,” the spokesperson added.
This text was initially revealed on September 30.
