Bitget App
Trade smarter
Buy cryptoMarketsTradeFuturesEarnWeb3SquareMore
Trade
Spot
Buy and sell crypto with ease
Margin
Amplify your capital and maximize fund efficiency
Onchain
Going Onchain, without going Onchain!
Convert & block trade
Convert crypto with one click and zero fees
Explore
Launchhub
Gain the edge early and start winning
Copy
Copy elite trader with one click
Bots
Simple, fast, and reliable AI trading bot
Trade
USDT-M Futures
Futures settled in USDT
USDC-M Futures
Futures settled in USDC
Coin-M Futures
Futures settled in cryptocurrencies
Explore
Futures guide
A beginner-to-advanced journey in futures trading
Futures promotions
Generous rewards await
Overview
A variety of products to grow your assets
Simple Earn
Deposit and withdraw anytime to earn flexible returns with zero risk
On-chain Earn
Earn profits daily without risking principal
Structured Earn
Robust financial innovation to navigate market swings
VIP and Wealth Management
Premium services for smart wealth management
Loans
Flexible borrowing with high fund security
A security incident occurring each month casts uncertainty on the strength of South Korea’s online protections

A security incident occurring each month casts uncertainty on the strength of South Korea’s online protections

Bitget-RWA2025/10/05 03:27
By:Bitget-RWA

South Korea is renowned for its ultra-fast internet, widespread broadband access, and its reputation as a digital trailblazer, home to major tech giants such as Hyundai, LG, and Samsung. However, this digital prowess has also made the nation an attractive target for cybercriminals, highlighting ongoing vulnerabilities in its cybersecurity infrastructure.  

A wave of significant cyberattacks has recently shaken the country, impacting credit card providers, telecommunications firms, tech startups, and government bodies, and affecting millions of South Koreans. In response to each incident, government ministries and regulators often acted separately, sometimes passing responsibility rather than working together. 

Observers point out that South Korea’s cyber defense efforts are hampered by a disjointed network of ministries and agencies, which often leads to delayed and poorly coordinated actions, according to local news sources. 

Without a designated government body to act as the primary responder after cyberattacks, the nation’s digital security efforts are struggling to keep up with its technological growth. 

“The government still sees cybersecurity mainly as a crisis response issue, not as a vital part of national infrastructure,” said Brian Pak, CEO of Seoul-based cybersecurity company Theori, in an interview with TechCrunch.  

Pak, who also advises SK Telecom’s parent company on cybersecurity strategy, explained to TechCrunch that the siloed approach among government agencies means that developing robust defenses and nurturing cybersecurity talent are often neglected. 

South Korea is also grappling with a significant lack of qualified cybersecurity professionals.  

“This is largely because the current system has stifled talent development. The shortage of skilled workers creates a negative feedback loop—without enough experts, it’s impossible to build and sustain the proactive security needed to counter evolving threats,” Pak added.  

Pak noted that ongoing political gridlock has led to a pattern of seeking immediate, superficial solutions after each incident, while the more difficult, long-term work of strengthening digital resilience is continually postponed. 

So far this year, South Korea has experienced at least one major cybersecurity breach almost every month, raising further doubts about the robustness of its digital infrastructure.  

January 2025 

  • GS Retail, which operates convenience stores and supermarkets nationwide, reported a data breach that compromised the personal information of approximately 90,000 customers after its website was attacked between December 27 and January 4. Exposed data included names, birth dates, contact details, addresses, and email addresses. 

February 2025 

  • Wemix, the blockchain division of Korean gaming company Wemade, suffered a $6.2 million cyber theft on February 28 , but investors were not informed until March 4. 

April and May 2025 

  • On April 30, Albamon, a South Korean part-time job platform, was breached, exposing the resumes of over 20,000 users, including their names, phone numbers, and email addresses.
  • In April, SK Telecom, one of the country’s largest telecom providers, was the victim of a significant cyberattack. Hackers accessed the personal data of about 23 million users—almost half the nation’s population. The aftermath continued into May, with millions of customers receiving replacement SIM cards as a precaution. 

June 2025  

  • Yes24, a leading online ticketing and retail site in South Korea, was hit by a ransomware attack on June 9 , causing a four-day service outage before operations resumed in mid-June. 

July 2025 

  • In July, the Kimsuky group, which is linked to North Korea, targeted South Korean organizations—including a defense-related entity—using AI-generated deepfake images in their cyberattack.
  • A North Korea-backed hacking group, Kimsuky, employed AI-created deepfake images in a July spear-phishing campaign against a South Korean military institution, according to Genians Security Center. The group has also attacked other organizations in the country.
  • Seoul Guarantee Insurance (SGI), a financial services provider, experienced a ransomware attack around July 14 , which disrupted its main systems. The breach halted essential services, such as issuing and verifying guarantees, leaving customers unable to access these functions. 

August 2025

  • Yes24 was struck by another ransomware attack in August 2025 , which briefly took its website and services offline. 
  • Hackers infiltrated Lotte Card, a South Korean financial company that issues credit and debit cards, between July 22 and August. The breach resulted in the exposure of about 200GB of data and is estimated to have affected nearly 3 million customers. The incident went undetected for roughly 17 days before being discovered on August 31. 
  • Welcome Financial: In August 2025, Welrix F&I, a subsidiary of Welcome Financial Group, was targeted in a ransomware attack. A hacking group with Russian ties claimed responsibility, stating they stole over a terabyte of internal documents, including sensitive customer information, and released samples on the dark web.
  • Hackers believed to be from the North Korea-linked Kimsuky group have been conducting espionage on foreign embassies in South Korea for months, disguising their attacks as routine diplomatic correspondence. Trellix reports that this campaign has been ongoing since March, targeting at least 19 embassies and foreign ministries in the country. 

September 2025  

  • KT, a major telecom provider in South Korea, disclosed a cyber incident that compromised the data of over 5,500 subscribers. The attack was traced to illegal “fake base stations” that infiltrated KT’s network, allowing hackers to intercept mobile communications, steal information such as IMSI, IMEI, and phone numbers, and even make unauthorized micro-payments. 

In response to the recent escalation in cyberattacks, the National Security Office under the South Korean Presidential Office is taking action to strengthen defenses, advocating for a unified, cross-agency approach to cybersecurity.  

In September 2025, the National Security Office revealed plans to introduce “comprehensive” cybersecurity measures through a coordinated interagency initiative led by the president’s office. Regulators also indicated that new laws would allow the government to launch investigations at the earliest signs of hacking—even if companies have not yet reported the incident. These steps are intended to address the absence of a designated first responder, a longstanding weakness in South Korea’s cyber defense. 

However, Pak cautioned that South Korea’s fragmented system makes it difficult to assign responsibility, and concentrating all authority in a presidential “control tower” could lead to excessive politicization and overreach.  

Pak suggested a more effective solution might be a balanced approach: a central body to set strategy and manage crises, combined with independent oversight to prevent abuse of power. In this hybrid system, expert agencies like KISA would continue to handle technical operations, but with clearer rules and accountability, Pak told TechCrunch.  

When asked for comment, a spokesperson for South Korea’s Ministry of Science and ICT stated that the ministry, along with KISA and other relevant agencies, is “dedicated to tackling increasingly complex and sophisticated cyber threats.”  

“We are working tirelessly to reduce potential risks to Korean businesses and the public,” the spokesperson said.

This article was first published on September 30.

0

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Earn new token airdrops
Lock your assets and earn 10%+ APR
Lock now!