South Korea is world-famous for its blazing-fast internet, near-universal broadband coverage, and as a leader in digital innovation, hosting global tech manufacturers like Hyundai, LG, and Samsung. But this very success has made the country a prime target for hackers and exposed how fragile its cybersecurity defenses remain.
The country is reeling from a string of high-profile hacks, affecting credit card companies, telecoms, tech startups, and government agencies, and impacting vast swathes of the South Korean population. In each case, ministries and regulators appeared to scramble in parallel, sometimes deferring to one another rather than moving in unison.
Critics argue that South Korea’s cyber defenses are hindered by a fragmented system of government ministries and agencies, often resulting in slow and uncoordinated responses, according to local media reports.
With no clear government agency acting as ‘first responder’ following a cyberattack, the country’s cyber defenses are struggling to keep pace with its digital ambitions.
“The government’s approach to cybersecurity remains in large part reactive, treating it as a crisis management issue rather than as crucial national infrastructure,” Brian Pak, the chief executive of Seoul-based cybersecurity firm Theori, told TechCrunch.
Pak, who also serves as an adviser to SK Telecom’s parent company’s special committee on cybersecurity innovations, told TechCrunch that because government agencies tasked with cybersecurity work in silos, developing digital defenses and training skilled workers often get overlooked.
The country is also facing a severe shortage of skilled cybersecurity professionals.
“[That’s] basically because the current approach has held back personnel development. This loss of skill creates a vicious cycle. Without sufficient expertise, it’s not possible to build and maintain the proactive defenses needed to stay ahead of threats,” Pak continued.
Political deadlock has fostered a habit of seeking quick, visible “quick fixes” after every crisis, said Pak, all the while the harder, long-term work of building digital resilience continues to be sidelined.
This year alone, there has been a major cybersecurity incident in South Korea every month, further heightening concerns over the resilience of South Korea’s digital infrastructure.
January 2025
- GS Retail, the operator of convenience stores and grocery markets across South Korea, confirmed a data breach that exposed the personal details of about 90,000 customers after its website was attacked between December 27 and January 4. The stolen data included names, birth dates, contact details, addresses, and email addresses.
February 2025
April and May 2025
- South Korea’s part-time job platform Albamon was hit by a hacking attack on April 30. The breach exposed the resumes of more than 20,000 users, including names, phone numbers, and email addresses.
- In April, South Korea’s telecom giant SK Telecom was hit by a major cyberattack. Hackers stole the personal data of about 23 million customers, nearly half the country’s population. Much of the aftermath of the cyberattack lasted through May, during which millions of customers were offered a new SIM card following the breach.
June 2025
- Yes24, South Korea’s online ticketing and retail platform, was hit by a ransomware attack on June 9, which knocked its services offline. The disruption lasted for about 4 days, with the company back online by mid-June.
July 2025
August 2025
- Yes24 faced a second ransomware attack in August 2025, which took its website and services offline for a few hours.
- Hackers broke into Lotte Card, a South Korean financial services company that issues credit and debit cards, between July 22 and August. The breach exposed around 200GB of data and is believed to have affected roughly 3 million customers. The breach remained undetected for about 17 days, until the company discovered it on August 31.
- Welcome Financial: In August 2025, Welrix F&I, a lending arm of Welcome Financial Group, was hit by a ransomware attack. A Russian-linked hacking group claimed it stole over a terabyte of internal files, including sensitive customer data, and even leaked samples on the dark web.
- North Korea–linked hackers, believed to be the Kimsuky group, have been spying on foreign embassies in South Korea for months by disguising their attacks as routine diplomatic emails. According to Trellix, the campaign has been active since March and has targeted at least 19 embassies and foreign ministries in South Korea.
September 2025
- A North Korea–sponsored hacking group, Kimsuky, used AI-generated deepfake images in a July spear-phishing attempt against a South Korean military organization, according to Genians Security Center. The group has also targeted other South Korean institutions.
- KT, one of South Korea’s largest telecom operators, has reported a cyber breach that exposed subscriber data from more than 5,500 customers. The attack was linked to illegal “fake base stations” that tapped into KT’s network, enabling hackers to intercept mobile traffic, steal data like IMSI, IMEI, and phone numbers, and even make unauthorized micro-payments.
In light of the recent surge in hacking incidents, the South Korean Presidential Office’s National Security Office is stepping in to tighten defenses, pushing for a cross-ministerial effort that brings multiple agencies together in a coordinated, whole-of-government response.
In September 2025, the National Security Office announced that it would implement “comprehensive” cyber measures through an interagency plan, led by the South Korean President’s office. Regulators also signaled a legal change giving the government power to launch probes at the first sign of hacking, even if companies haven’t filed a report. Both steps aim to address the lack of a first responder that has long hindered South Korea’s cyber defenses.
But while South Korea’s fragmented system leaves accountability weak, placing all authority in a presidential ‘control tower’ could risk ‘politicization’ and overreach, according to Pak.
A better path may be balance: a central body to set strategy and coordinate crises, paired with independent oversight to keep power in check. In a hybrid model, expert agencies like KISA would still handle the technical work, just with clearer rules and accountability, Pak told TechCrunch.
When reached for comment, a spokesperson for South Korea’s Ministry of Science and ICT said the ministry, with KISA and other relevant agencies, is “dedicated to addressing an increasing number of refined and complicated cyber threats.”
“We continue to work diligently to minimize potential harm to Korean companies and most people,” the spokesperson added.