A breach every month raises doubts about South Korea’s digital defenses

A woman uses her mobile phone while waiting to replace her USIM chip in front of an SK Telecom branch in Seoul on April 28, 2025.

South Korea is world famous for its blazing-fast internet and almost universal broadband coverage, and as a leader in digital innovation that is home to global tech brands such as Hyundai, LG and Samsung. But this very success has made the country a prime target for hackers and exposed how fragile its cybersecurity defenses remain.

The country is reeling from a string of high-profile hacks at credit card companies, telecommunications operators, tech startups and state agencies, affecting large swaths of the South Korean population. In each case, ministries and regulators seemed to crawl in parallel, sometimes exposing each other rather than moving in unison.

Critics claim that South Korea’s cyber defense is hindered by a fragmented system of government ministries and agencies that often results in slow and uncoordinated responses, according to local media reports.

With no clear government agency acting as a “first responder” after a cyberattack, the country’s cyber defenses are struggling to keep up with its digital ambitions.

“The government’s approach to cybersecurity remains largely reactive and treats it as a crisis management question rather than as a critical national infrastructure,” Brian Pak, CEO of Seoul-based cybersecurity company Theori, told TechCrunch.

Pak, who also serves as an advisor to SK Telecom’s parent company’s special committee on cybersecurity innovations, told TechCrunch that because the government agencies tasked with cybersecurity work in silos, developing digital defenses and training qualified workers are often overlooked.

The country is also facing a serious shortage of qualified cybersecurity experts.

“[That’s] mainly because the current approach has held back workforce development. This lack of talent creates a vicious circle. Without adequate expertise, it is impossible to build and maintain the proactive defense needed to stay ahead of threats,” Pak continued.

Political stalemate has fostered a habit of seeking quick, obvious “quick corrections” after every crisis, Pak said, while the more challenging, long-term work of building digital resilience continues to be sidelined.

This year alone, there has been a major cybersecurity incident in South Korea almost every month, further raising concerns about the resilience of the country’s digital infrastructure.

January 2025

  • GS Retail, the operator of convenience stores and grocery markets across South Korea, confirmed a data breach that exposed the personal details of about 90,000 customers after its site was attacked between December 27 and January 4. The stolen information included names, birth dates, contact information, addresses and email addresses.

February 2025

April and May 2025

  • South Korea’s part-time job platform Albamon was hit by a hacking attack on April 30. The breach exposed the resumes of more than 20,000 users, including names, phone numbers and email addresses.
  • In April, South Korea’s telecom giant SK Telecom was hit by a major cyberattack. Hackers stole personal data for about 23 million customers, almost half of the country’s population. Much of the fallout from the cyberattack lasted through May, when millions of customers were offered a new SIM card after the breach.

June 2025

  • YES24, South Korea’s online ticketing and retail platform, was hit by a ransomware attack on June 9, knocking its services offline. The disruption lasted about four days, with the company back online in mid-June.

July 2025

  • In July, the North Korea-linked Kimsuky group launched a cyberattack on South Korean organizations, including a defense-related institution, this time using AI-generated deepfake images.
  • A North Korea-supported hacking group, Kimsuky, used AI-generated deepfake images in a July spear-phishing attempt against a South Korean military organization, according to the Genians Security Center. The group has also targeted other South Korean institutions.
  • Seoul Guarantee Insurance (SGI), a Korean financial institution, was hit by a ransomware attack around July 14, which disrupted its core systems. The incident knocked important services offline, including the issuing and verification of guarantees, which left customers in limbo.

August 2025

  • YES24 faced another ransomware attack in August 2025, which took its website and services offline for a few hours.
  • Hackers broke into the South Korean financial services company Lotte Card, which issues credit and debit cards, between July 22 and August. The breach exposed around 200 GB of data and is believed to have affected approximately 3 million customers. The breach remained unnoticed for about 17 days until the company discovered it on August 31.
  • Welcome Financial: In August 2025, Welrix F&I, a lending arm of Welcome Financial Group, was hit by a ransomware attack. A Russian-linked hacking group claimed it stole over a terabyte of internal files, including sensitive customer data, and even leaked samples on the dark web.
  • North Korea-linked hackers, believed to be the Kimsuky group, have been spying on foreign embassies in South Korea for months by disguising their attacks as routine diplomatic emails. According to Trellix, the campaign has been active since March and has targeted at least 19 embassies and foreign ministries in South Korea.

September 2025

  • KT, one of South Korea’s largest telecommunications operators, has reported a cyber breach that exposed subscriber data from more than 5,500 customers. The attack was linked to illegal “fake base stations” that tapped into KT’s network so that hackers could intercept mobile traffic, steal information such as IMSI, IMEI and phone numbers, and even make unauthorized micropayments.

In light of the recent increase in hacking incidents, the South Korean Presidential Office’s National Security Office is stepping in to tighten defenses, pushing for a cross-ministerial effort that brings several agencies together in a coordinated, whole-of-government response.

In September 2025, the National Security Office announced that it would implement “comprehensive” cyber measures through an interagency plan, led by the South Korean presidential office. Authorities also signaled a legal change that would give the government the power to start probes at the first sign of hacking, even if companies have not filed a report. Both steps aim to address the lack of a first responder that has long hindered South Korea’s cyber defense.

But South Korea’s fragmented system leaves accountability weak, and placing all authority in a presidential “control tower” could risk “politicization” and overreach, according to Pak.

A better path may be balance: a central body to set strategy and coordinate crises, paired with independent oversight to keep power in check. In a hybrid model, expert agencies like KISA would still handle the technical work, just with more straightforward rules and accountability, Pak told TechCrunch.

When reached for comment, a spokesman for South Korea’s Ministry of Science and ICT said that the ministry, with KISA and other relevant agencies, “is obliged to tackle increasingly sophisticated and advanced cyber threats.”

“We continue to work diligently to minimize potential damage to Korean companies and the public,” the spokesman added.

This article was originally published on September 30.