South Korea is world-renowned for its blazing-fast internet, near-universal broadband coverage and leadership in digital innovation, hosting global technology brands such as Hyundai, LG and Samsung. However, this very success has made the country a major target for hackers and revealed how vulnerable its cybersecurity defenses are.
The country is reeling from a series of high-profile hacks that have hit credit card companies, telecoms, tech startups and government agencies, affecting a wide range of Koreans. In each case, ministries and regulators seemed to scramble in parallel, sometimes deferring to one another rather than moving in unison.
Critics argue that South Korea's cyber defense is hampered by a fragmented system of government ministries and agencies, which often leads to slow, uncoordinated responses, according to local media reports.
With no clear government agency acting as a “first responder” following cyberattacks, the country's cyber defense is struggling to keep pace with its digital ambitions.
“The government's approach to cybersecurity is primarily reactive and treats it as a crisis management issue rather than as critical national infrastructure,” Brian Pak, chief executive of Theori, a Seoul-based cybersecurity company, told TechCrunch.
Pak, who also serves as an advisor to the SK Telecom parent company's special committee on cybersecurity innovation, told TechCrunch that the government agencies responsible for cybersecurity often work in silos when it comes to developing digital defenses and training skilled workers.
The country also faces a severe shortage of skilled cybersecurity professionals.
“[That’s] mainly because current approaches are hindering workforce development. This lack of talent creates a vicious cycle. Without sufficient expertise, it is impossible to build and maintain the aggressive defenses needed to stay ahead of the threat,” Pak continued.
The political impasse has fostered a habit of seeking an obvious “quick fix” after each crisis, Pak said.
This year alone, there has been a major cybersecurity incident in South Korea almost every month, further raising concerns about the resilience of the country's digital infrastructure.
January 2025
GS Retail, an operator of convenience stores and grocery markets in South Korea, confirmed a data breach that exposed the personal information of around 90,000 customers after its website was attacked between December 27th and January 4th.
February 2025
April and May 2025
South Korean part-time job platform Albamon was hit by a hacking attack on April 30th. The breach exposed the resumes of more than 20,000 users, including names, phone numbers and email addresses.
In April, South Korean telecommunications giant SK Telecom was hit by a major cyberattack. Hackers stole the personal data of around 23 million customers, almost half the country's population. Much of the aftermath of the cyberattack continued into May, when millions of customers were offered new SIM cards following the breach.
June 2025
South Korea's online ticketing and retail platform Yes24 was hit by a ransomware attack on June 9th, knocking its services offline. The disruption lasted for about four days, and by mid-June the company was back online.
July 2025
In July, the North Korea-linked Kimsuky group launched a cyberattack on South Korean organizations, including defense-related agencies, this time using deepfake images generated by AI. According to the Genians Security Center, Kimsuky, a North Korean-backed hacking group, used AI-generated deepfake images in a July spear-phishing attempt against South Korean military organizations. The group also targets other Korean institutions.
Seoul Guarantee Insurance (SGI), a Korean financial institution, was hit by a ransomware attack around July 14th, disrupting its core systems. The incident affected customers by knocking key services offline, including the issuing and verifying of guarantees.
August 2025
Yes24 faced a second ransomware attack in August 2025, taking its website and services offline for several hours.
Hackers breached Lotte Card, a Korean financial services company that issues credit and debit cards, between July 22nd and August. The breach is believed to have exposed around 200GB of data and affected around 3 million customers. It remained unnoticed for about 17 days until the company discovered it on August 31st.
In August 2025, Welrix F&I, the lending unit of Welcome Financial Group, was hit by a ransomware attack. A Russia-linked hacking group claimed it had stolen terabytes of internal files, including sensitive customer data, and even leaked samples on the dark web.
North Korea-linked hackers, believed to be the Kimsuky group, have been spying on foreign embassies in South Korea for months by disguising their attacks as everyday diplomatic emails. According to Trellix, the campaign has been active since March and has targeted at least 19 embassies and the Ministry of Foreign Affairs in South Korea.
September 2025
KT, one of South Korea's largest telecom operators, reported a cyber breach that exposed subscriber data of more than 5,500 customers. The attack was linked to illegal “fake base stations” that tapped into KT's network, allowing hackers to intercept mobile traffic, steal information such as IMSI, IMEI and phone numbers, and even make fraudulent micropayments.
In light of the recent surge in hacking incidents, the South Korean Presidential Office's National Security Office has stepped in to strengthen defenses and pushed for a collaborative effort that links multiple agencies in a national government response.
In September 2025, the National Security Office announced that it would implement “comprehensive” cyber countermeasures through an inter-ministerial plan led by the South Korean Presidential Office. Regulators also pointed to legal changes that would grant the government authority to launch probes at the first indication of hacking, even if the company has not filed a report. Both steps aim to address the lack of a first responder that has long hampered South Korea's cyber defense.
However, while South Korea's fragmented system weakens accountability, putting all powers in the president's “control tower” could risk “politicization” and overreach, according to Pak.
A better path may be a balanced one: a central body for setting strategy and coordinating crisis response, combined with independent oversight to keep power in check. In a hybrid model, expert agencies like KISA would still handle the technical work, but with simpler rules and accountability, Pak told TechCrunch.
When asked for comment, a spokesman for the South Korean Ministry of Science and ICT said that, together with KISA and other related agencies, “we are committed to tackling increasingly sophisticated cyber threats.”
“We continue to work diligently to minimize potential harm to Korean businesses and the general public,” the spokesman added.
This article was originally published on September 30th.