South Korea is world famous as a leader in its blazing-fasting internet, near-survival broadband coverage, and a leader in digital innovation, hosting global technical brands such as Hyundai, LG and Samsung. But this much success has made the country a major goal for hackers and has revealed how delicate its cyber security rescue is.
The country is affecting a string of high-profile hacks, affecting credit card companies, telecom, tech startups and government agencies, affecting the huge self-interests of the South Korean population. In each case, ministries and regulators appeared in parallel, sometimes transferred each other to each other instead of moving beyond each other.
Critics argue that South Korea’s cyber defense is obstructed by a fragmented system of government ministries and agencies, resulting in slow and unnatural reactions according to local media reports.
No clear government agency acts as a “first respondent” after a cyber attack, the country’s cyber defense is struggling to keep pace with its digital ambitions.
“The government’s approach to cyber security is largely reactive, which is considered as a crisis management issue rather than a crisis management rather than an important national infrastructure,” said Brian Pak said, Chief Executive Officer of Seoul-based cyber security firm Thori said.
Pakistan, which also works as an advisor to the Special Committee of SK Telecom’s original company on cyber security innovations, told Techchchan that because government agencies worked with cyber security work in Silos, developing digital defense and training to skilled workers often are often ignored.
The country is also facing a serious shortage of skilled cyber security experts.
,[That’s] Mainly because the current approach has put back the workforce development. This deficiency of talent creates a vicious cycle. Without adequate expertise, it is impossible to build and maintain the active rescue required to stay ahead of dangers, ”continued.
Political deadlock has promoted the habit of looking for quick, clear “quick reforms” after every crisis, while Pakistan said, while all more challenging, long -term tasks of building digital flexibility are ignored.
This year alone, a major cyber security incident occurred in South Korea almost every month, and growing concerns over the flexibility of South Korea’s digital infrastructure.
January 2025
- GS Retail, the operator of convenience stores and grocery markets in South Korea, confirmed a data violation of the individual details of around 90,000 customers after attacking its website between 27 December to 4 January. The stolen information included name, date of birth, contact details, addresses and email addresses.
February 2025
April and May 2025
- South Korea’s part -time job platform Albamon was killed by a hacking attack on 30 April. Breach exposed the resumes of over 20,000 users, including names, phone numbers and email addresses.
- In April, South Korean telecom giant SK Telecom was hit by a major cyber attack. Hackers stole personal data of about 23 million customers – about half the country’s population. Most of the cyber attack lasted until May, in which millions of customers were introduced a new SIM card after violations.
June 2025
- YES24, South Korea’s online ticketing and retail platform, collided with a ransomware attack on 9 June, offline its services. The disintegration lasted for about four days, online with the company until mid -June.
July 2025
- In July, the Kimsuki group associated with North Korea launched a cyberrtack on South Korean organizations, including a defense-related institution, this time using AI-borne deep-felt images.
- According to the Genius Security Center, a North Korea-backed Hacking Group, Kimsuki, used AI-Janit Deepfek images in July in a July-fishing attempt against a South Korean military organization. The group has also targeted other South Korean institutions.
- Seoul Guarantee Insurance (SGI), a Korean Financial Institute, was killed by a ransomware attack around 14 July, which disrupted its main systems. The incident offered major services, including the guarantee issuing and verification, leaving the customers in Limbo.
August 2025
- YES24 faced a second ransomware attack in August 2025, which offered its website and services for a few hours.
- Hackers broke into the South Korean financial services company Lotte Card, which issues credit and debit cards between July 22 and August. Breach exposed around 200GB of data and is believed to have affected around 3 million customers. Until the company discovered it on 31 August, this violation was not noticed for about 17 days.
- Welcom Financial: In August 2025, a lending arm of Velic Financial Group was hit by a ransomware attack. A Russian-Linked Hacking Group claimed that it steals on a terabyte of internal files, with sensitive customer data, and even samples on the dark web.
- Hackers associated with North Korea, it is believed that the Kimsuki Group has been spying on foreign embassies in South Korea for months, dissolving its attacks in the form of regular diplomatic emails. According to the trailix, the campaign is active since March and has targeted at least 19 embassies and foreign ministries in South Korea.
September 2025
- One of South Korea’s largest telecom operators has reported a cyber violation, which has highlighted subscriber data from more than 5,500 customers. The attack was linked to illegal “fake base stations”, which was tapped into a network of KT, which enables hackers to disrupt mobile traffic, steals information such as IMSI, IMEI and phone number, and even does unauthorized micro-payments.
In the recent lighting light in hacking events, the national security of the South Korean President’s Office is stepping into a coordinated, a coordinated, entire-government response to bring several agencies together, to tighten the rescue.
In September 2025, the National Security Office announced that it would implement the “comprehensive” cyber measures through an contradictory scheme led by the South Korean President’s office. The regulators also indicated a legal change to give government power to launch an inquiry on the first signal of hacking – even if the companies have filed a report. The purpose of both stages is to remove the shortage of the first respondent, which has long interrupted the cyber rescue of South Korea.
But South Korea’s fragmented system leaves the accountability weak, having all rights in a president “control tower” can lead to “politicization” and overrech risk.
A better way can be balanced: a central body to determine the strategy and coordinate crises, combined with independent inspection to keep electricity in power. In a hybrid model, expert agencies like Kisa still handle technical work – just with more direct rules and accountability, Pakistan told Techcrunch.
On arrival for the comment, a spokesman for South Korea’s Ministry of Sciences at ICT said the Ministry said with the Kisa and other relevant agencies, “is committed to addressing rapidly sophisticated and advanced cyber threats.”
The spokesperson said, “We continue to work diligently to reduce the possible losses for Korean businesses and the general public.”
This article was originally published on 30 September.
.png?w=768&resize=768,0&ssl=1 "The Best TVs We’ve Reviewed in 2025: Sony, Samsung, LG, and More")
