South Korea is world -renowned for its intense internet, almost Catholic broadband coverage and as a leader in digital innovation, which hosts global brands such as Hyundai, LG and Samsung. But this success itself has made the country a primary goal for the hackers and exposes how fragile the cyberspace’s defenses remain.
The country is unfolding from a range of high profiles, affecting credit card companies, telecommunications, newly established businesses and government agencies, affecting the huge areas of the South Korean population. In any case, the ministries and regulatory authorities appeared to strive at the same time, sometimes postponing each other instead of moving together.
Critics argue that South Korean cyberspace defenses are hampered by a fragmented system of government ministries and organizations, resulting in slow and uncoordinated answers, per local media reports.
With There is no clear government service as a “first correspondent” After a Cyberettack, the defenses of the country’s cyberspace are struggling to keep up with its digital ambitions.
“The government’s approach to cyberspace remains largely reactive, its treatment as a crisis management issue and not as a critical national infrastructure,” Brian Pak, CYBERSECURY’s CYBERITY Managing Director in Techcrunch, told Techcrunch.
Pak, who also serves as a consultant to the SK Telecom parent company for cyberspace innovations, told TechCrunch that because government -based government services in cyberspace, developing digital defenses and specialized workers.
The country is also facing a serious lack of cyber experts.
“[That’s] Mainly because the current approach has restrained the development of the workforce. This lack of talent creates a vicious circle. Without much experience, it is impossible to build and maintain the preventive defenses needed to remain ahead of the threats, “Pak continued.
The political impasse has promoted a habit of seeking fast, obvious “quick corrections” after every crisis, Pak said, all the most difficult, long -term job of building digital durability is still being overwhelmed.
Only this year, there was an important cyberspace incident in South Korea almost every month, further increasing concerns about the durability of South Korea’s digital infrastructure.
January 2025
- GS Retail, the handler of convenience stores and grocery stores across South Korea, confirmed A data breach that exhibited the personal information of about 90,000 customers after attacking its website between December 27 and January 4. The stolen information included names, birth dates, contact details, addresses and email addresses.
February 2025
April and May 2025
- South Korean part -time platform Albamon was hit by a hacking attack on April 30. The breach exhibited the biographies of more than 20,000 users, including names, phone numbers and email addresses.
- In April, South Korea’s telecommunications telecommunications was hit by a large cyberettack. The hackers stole the personal data of about 23 million customers – almost half of the country’s population. Much of the consequences of Cyberettack lasted in May, where millions of customers offered a new SIM card after the breach.
June 2025
- YES24, South Korea’s online ticket platform and retail platform, hit by a ransomware attack on June 9that hit off -connection services. The disorder lasted about four days, with the company back on the internet until mid -June.
July 2025
- In July, the Kimsuky Group connected to North Korea Launched a Cyberettack in South Korean organizations including an institution -related institutionThis time using Deepfake images produced by AI.
- A hacking team supported by North Korea, Kimsuky, used Deepfake images created by AI in a passive attempt by July against a South Korean military organization, According to the Genians Security Center. The team has also aimed at other South Korean institutions.
- Seoul Guaragee Insurance (SGI), a Korean financial institution, were Hit by a ransomware attack around 14 Julywhich interrupted its basic systems. The incident hit basic offline services, including issuance and verification of guarantees, leaving customers in a vacuum.
August 2025
- Yes24 faced a second ransomware attack in August 2025which took its off -connection website and services for a few hours.
- The hackers broke the South Korean Financial Services Company Lotte Card, which issues credit and debit cards between July 22 and August. Violation exposed approximately 200GB of data and is believed to have affected approximately 3 million customers. The breach remained unnoticed for about 17 days, until the company discovered it on August 31st.
- WELCOME Financial: In August 2025, Welrix F&I, a borrowing of a welcoming financial group, hit by a ransomware attack. A hacking group associated with a Russian associated with the appeal that stole over an internal terabyte terabyte, including delicate customer data, and even leakage samples in the dark tissue.
- Hackers associated with North Korea, believed to be the Kimsuky Group, have spying on foreign embassies in South Korea for months, disguising their attacks as routine diplomatic emails. According to Trellix, the campaign was active Since March and has targeted at least 19 embassies and ministries of aliens in South Korea.
September 2025
- KT, one of the largest telecommunications agencies in South Korea, has reported a violation of cyberspace that exposed subscribers from more than 5,500 customers. The attack was linked to the illegal “fake base stations” that fell on the KT network, allowing hackers to hinder mobile traffic, steal information such as IMSI, IMEI and phone numbers and even make unauthorized micro-payments.
In the light of the recent increase in hacking incidents, the national security of the South Korean Presidential Office is moving forward to tighten defenses, pressing for a cross -stroke that brings multiple services together in a tunedresponse to the entire government.
In September 2025, the National Security Office announced that it will apply “Complementary” government measures Through an interaction plan, led by the office of the President of South Korea. Regulators also marked a legal change giving government power to start detectors In the first sign of piracy – even if companies have not filed a report. Both steps aim to tackle the lack of a first correspondent who has long prevented South Korea’s defense in cyberspace.
However, the fragmented South Korean system leaves accountability weak, placing all power in a presidential “control tower” could risk “politicization” and overrun, according to Pak.
A better path can be balance: a central body to put the strategy and coordinate crises, combined with independent supervision to keep power under control. In a hybrid model, special organizations like Gauge Would still handle technical work – only with simpler rules and accountability, PAK told TechCrunch.
When reached for comments, a spokesman for the South Korean Ministry of Sciences in ICT said that the ministry, with Kissa and other relevant organizations, “is committed to dealing with increasingly advanced and advanced cyberspace threats”.
“We continue to work carefully to minimize the possible damage to Korean businesses and the general public,” the spokesman added.
This article was originally published on September 30.
