South Korea is of world renowned for its fascinating internet, an almost university broadband coverage and as a leader in digital innovation, welcoming global technological brands like Hyundai, LG and Samsung. But this success made the country a main target for the pirates and revealed to what extent its cybersecurity defenses remain fragile.
The country is under the shock of a series of high-level hacks, affecting credit card companies, telecommunications, technological startups and government agencies, which has an impact on large expanses of the South Korean population. In each case, the ministries and regulators seemed to rush in parallel, sometimes recovering from each other rather than moving in unison.
Critics argue that Cyber-Defenses in South Korea are hampered by a fragmented system of ministries and government agencies, often causing slow and non-coordinated responses, according to local media.
Without a clear government agency acting as a “first responder” following a cyber attack, the country’s cyber-defensers find it difficult to follow its digital ambitions.
“The government’s approach to cybersecurity remains largely reactive, dealing with it as a problem with the crisis management rather than a critical national infrastructure,” said Brian Pak, CEO of the Cybersecurity Company based in Seoul, Theori, in Techcrunch.
Pak, who is also an advisor to SK Telecom, the special cybersecurity innovation committee, told Techcrunch that, because government agencies in charge of cybersecurity work in silos, the development of digital defenses and the training of skilled workers are often overlooked.
The country also faces a serious shortage of skilled cybersecurity experts.
“(It is) mainly because the current approach has retained the development of the workforce. This lack of talent creates a vicious circle. Without enough expertise, it is impossible to build and maintain the proactive defenses necessary to stay ahead of the threats,” continued Pak.
The political impasse has favored a habit of looking for rapid and obvious “rapid solutions” after each crisis, said Pak, while being the most difficult and long -term work of strengthening digital resilience continues to be sidelined.
Only this year, there has been a major cybersecurity incident in South Korea almost every month, which extends other concerns about the resilience of South Korea digital infrastructure.
January 2025
- GS Retail, the operator of convenience stores and grocery markets across South Korea, confirmed a data violation that exposed personal details of around 90,000 customers after the attack on his website between December 27 and January 4. Stolen information included names, birth dates, contact details, addresses and email addresses.
February 2025
April and May 2025
- The part-time employment platform of South Korea Albamon was struck by a hacking attack on April 30. The violation revealed the curriculum vitae of more than 20,000 users, including names, telephone numbers and email addresses.
- In April, the telecommunications giant in South Korea SK Telecom was affected by a major cyber attack. The pirates stole personal data of around 23 million customers – almost half of the country’s population. A large part of the consequences of the cyber attack lasted in May, in which millions of customers were offered a new SIM card after the violation.
June 2025
- Yes24, the online ticketing and retailing platform of South Korea was struck by a ransomware attack on June 9, which overturned its offline services. The disturbance lasted about four days, the online return company in mid-June.
July 2025
- In July, the Kimsuky group in North Korea launched a cyber attack on South Korean organizations, including an institution linked to defense, this time using deepfake images generated by AI.
- A hacking group supported by North Korea, Kimsuky, used Deepfake images generated by AI in a spear-speaking attempt in July against a South Korean military organization, according to the Genians Security Center. The group has also targeted other South Korean institutions.
- Seoul Guarantee Insurance (SGI), a Korean financial institution, was struck by a ransomware attack around July 14, which disrupted its main systems. The incident overturned offline key services, including the emission and verification of guarantees, leaving customers in limbo.
August 2025
- Yes24 faced a second ransomware attack in August 2025, which put its website and offline services for a few hours.
- The pirates burst into the South Korean Society of Financial Services Lotte Card, which issues credit and debit cards, between July 22 and August. The violation exhibited about 200 GB of data and has affected around 3 million customers. The violation remained unnoticed for about 17 days, until the company discovered it on August 31.
- Welcome Financial: In August 2025, Welrix F & I, a branch of loan from Welcome Financial Group, was struck by a ransomware attack. A hacking group linked to Russia said it had stolen an internal file teraoctet, including sensitive customer data, and even samples disclosed on the Dark Web.
- North pirates in North Korea, supposed to be the Kimsuky group, hope for foreign embassies in South Korea for months by disguising their attacks as routine diplomatic emails. According to Trellix, the campaign has been active since March and targets at least 19 foreign embassies and ministries in South Korea.
September 2025
- KT, one of the largest telecommunications operators in South Korea, reported a cyber-violation that exhibited subscriber data of more than 5,500 customers. The attack was linked to illegal “basic false stations” that operated the KT network, allowing hackers to intercept mobile traffic, steal information like IMSI, IMEI and telephone numbers, and even to make unauthorized micro-payments.
In light of the recent increase in hacking incidents, the national security of the South Korean presidential office intervenes to tighten the defenses, putting pressure for a cross effort which brings together several agencies in a coordinated and total response.
In September 2025, the National Security Office announced that it would implement “complete” cyber measures thanks to an interinstitutions plan, led by the office of the South Korean president. The regulators also reported a legal change giving the government’s power to launch probes during the first piracy sign – even if companies have not reported. The two stages aim to approach the absence of a first speaker who has long embarrassed cyber-defenses in South Korea.
But the fragmented system of South Korea leaves weak responsibility, placing any authority in a presidential “control tower” could risk “politicization” and surpassing, according to Pak.
A better path can be balanced: a central body to define the strategy and coordinate crises, associated with independent surveillance to keep power under control. In a hybrid model, expert agencies like Kisa would always manage technical work – with simplest rules and responsibility, Pak in Techcrunch told.
When he was contacted to comment, a spokesman for the South Korea Ministry of Sciences in ICT said that the ministry, with Kisa and other relevant agencies, was “determined to tackle the increasingly sophisticated and advanced cyber-menices”.
“We continue to work with diligence to minimize potential damage to Korean companies and the general public,” added the spokesperson.
This article was initially published on September 30.
