{"id":100306,"date":"2025-10-05T07:13:14","date_gmt":"2025-10-05T07:13:14","guid":{"rendered":"https:\/\/neclink.com\/index.php\/2025\/10\/05\/a-breach-every-month-raises-doubts-about-south-koreas-digital-defenses\/"},"modified":"2025-10-05T07:13:14","modified_gmt":"2025-10-05T07:13:14","slug":"a-breach-every-month-raises-doubts-about-south-koreas-digital-defenses","status":"publish","type":"post","link":"https:\/\/neclink.com\/index.php\/2025\/10\/05\/a-breach-every-month-raises-doubts-about-south-koreas-digital-defenses\/","title":{"rendered":"A breach every month raises doubts about South Korea&#8217;s digital defenses"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p id=\"speakable-summary\" class=\"wp-block-paragraph\">South Korea is world-famous for its blazing-fast internet, near-universal broadband coverage, and as a leader in digital innovation, hosting global tech brands like Hyundai, LG, and Samsung. But this very success has made the country a prime target for hackers and exposed how fragile its cybersecurity defenses remain.\u00a0\u00a0<\/p>\n<p class=\"wp-block-paragraph\">The country is reeling from a string of high-profile hacks, affecting credit card companies, telecoms, tech startups, and government agencies, impacting vast swathes of the South Korean population. In each case, ministries and regulators appeared to scramble in parallel, sometimes deferring to one another rather than moving in unison.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Critics argue that South Korea\u2019s cyber defenses are hindered by a fragmented system of government ministries and agencies, often resulting in slow and uncoordinated responses, <a href=\"https:\/\/www.koreatimes.co.kr\/business\/tech-science\/20250922\/calls-grow-for-cybersecurity-control-tower\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">per local media reports<\/a>.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">With <a href=\"https:\/\/en.yna.co.kr\/view\/AEN20250922001000315#:~:text=In%20response%2C%20the%20government%20announced,advanced%20cyberattacks%20remains%20in%20doubt.\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">no clear government agency acting as \u201cfirst responder\u201d<\/a> following a cyberattack, the country\u2019s cyber defenses are struggling to keep pace with its digital ambitions.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">\u201cThe government\u2019s approach to cybersecurity remains largely reactive, treating it as a crisis management issue rather than as critical national infrastructure,\u201d Brian Pak, the chief executive of Seoul-based cybersecurity firm Theori, told TechCrunch.\u00a0\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Pak, who also serves as an advisor to SK Telecom\u2019s parent company\u2019s special committee on cybersecurity innovations, told TechCrunch that because government agencies tasked with cybersecurity work in silos, developing digital defenses and training skilled workers often get overlooked.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">The country is also facing a severe shortage of skilled cybersecurity experts.\u00a0\u00a0<\/p>\n<p class=\"wp-block-paragraph\">\u201c[That\u2019s] mainly because the current approach has held back workforce development. This lack of talent creates a vicious cycle. Without enough expertise, it\u2019s impossible to build and maintain the proactive defenses needed to stay ahead of threats,\u201d Pak continued.\u00a0\u00a0<\/p>\n<p class=\"wp-block-paragraph\">Political deadlock has fostered a habit of seeking quick, obvious \u201cquick fixes\u201d after each crisis, said Pak, all the while the more challenging, long-term work of building digital resilience continues to be sidelined.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">This year alone, there has been a major cybersecurity incident in South Korea almost every month, further mounting concerns over the resilience of South Korea\u2019s digital infrastructure.\u00a0\u00a0<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-january-2025-nbsp\">January 2025\u00a0<\/h2>\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\">GS Retail, the operator of convenience stores and grocery markets across South Korea,<a href=\"https:\/\/biz.chosun.com\/en\/en-retail\/2025\/01\/06\/VVNMSAYGDBFMPL5TGSDN2M52R4\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\"> confirmed<\/a> a data breach that exposed the personal details of about 90,000 customers after its website was attacked between December 27 and January 4. The stolen information included names, birth dates, contact details, addresses, and email addresses.\u00a0<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\" id=\"h-february-2025-nbsp\">February 2025\u00a0<\/h2>\n<h2 class=\"wp-block-heading\" id=\"h-april-and-may-2025-nbsp\">April and May 2025\u00a0<\/h2>\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\">South Korea\u2019s part-time job platform <a href=\"https:\/\/koreajoongangdaily.joins.com\/news\/2025-05-02\/national\/socialAffairs\/Albamon-suffers-data-breach-affecting-more-than-22000-resume-entries\/2298923\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Albamon was hit by a hacking attack on April 30<\/a>. The breach exposed the resumes of more than 20,000 users, including names, phone numbers, and email addresses.<\/li>\n<li class=\"wp-block-list-item\">In April, South Korea\u2019s telecom giant <a href=\"https:\/\/techcrunch.com\/2025\/05\/08\/a-timeline-of-south-korean-telco-giant-skts-data-breach\/\">SK Telecom was hit by a major cyberattack<\/a>. Hackers stole the personal data of about 23 million customers \u2014 nearly half the country\u2019s population. Much of the aftermath of the cyberattack lasted through May, in which millions of customers were offered a new SIM card following the breach.\u00a0<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\" id=\"h-june-2025-nbsp-nbsp\">June 2025\u00a0\u00a0<\/h2>\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\">Yes24, South Korea\u2019s online ticketing and retail platform, <a href=\"https:\/\/rhisac.org\/threat-intelligence\/yes24-ransomware-outage-causes-multiple-concert-cancelations-and-business-impact-in-south-korea\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">was hit by a ransomware attack on June 9<\/a>, which knocked its services offline. The disruption lasted for about four days, with the company back online by mid-June.\u00a0<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\" id=\"h-july-2025-nbsp\">July 2025\u00a0<\/h2>\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\">In July, the North Korea-linked Kimsuky group <a href=\"https:\/\/www.aa.com.tr\/en\/asia-pacific\/north-korea-linked-hackers-target-south-korean-defense-related-organization-using-ai-deepfake-report\/3687577\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">launched a cyberattack on South Korean organizations, including a defense-related institution<\/a>, this time using AI-generated deepfake images.<\/li>\n<li class=\"wp-block-list-item\">A North Korea-backed hacking group, Kimsuky, used AI-generated deepfake images in a July spear-phishing attempt against a South Korean military organization, <a rel=\"nofollow\" href=\"https:\/\/www.aa.com.tr\/en\/asia-pacific\/north-korea-linked-hackers-target-south-korean-defense-related-organization-using-ai-deepfake-report\/3687577\">according to Genians Security Center<\/a>. The group has also targeted other South Korean institutions.<\/li>\n<li class=\"wp-block-list-item\">Seoul Guarantee Insurance (SGI), a Korean financial institution, was <a href=\"https:\/\/www.koreaherald.com\/article\/10533033\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">hit by a ransomware attack around July 14<\/a>, which disrupted its core systems. The incident knocked key services offline, including the issuing and verification of guarantees, leaving customers in limbo.\u00a0<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\" id=\"h-august-2025\">August 2025<\/h2>\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\">Yes24<a href=\"https:\/\/koreajoongangdaily.joins.com\/news\/2025-08-11\/business\/tech\/Yes24-website-down-again-only-2-months-after-ransomware-attack\/2372844\" target=\"_blank\" rel=\"noreferrer noopener nofollow\"> faced a second ransomware attack in August 2025<\/a>, which took its website and services offline for a few hours.\u00a0<\/li>\n<li class=\"wp-block-list-item\">Hackers broke into South Korean financial services company Lotte Card, which issues credit and debit cards, between July 22 and August. The breach exposed around 200GB of data and is believed to have affected roughly <a href=\"https:\/\/www.cpomagazine.com\/cyber-security\/lotte-cardholder-data-breach-impacts-nearly-3-million-customers-with-280000-at-risk-of-fraud\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">3 million customers<\/a>. The breach remained unnoticed for approximately 17 days, until the company discovered it on August 31.\u00a0<\/li>\n<li class=\"wp-block-list-item\">Welcome Financial: In August 2025, Welrix F&amp;I, a lending arm of Welcome Financial Group, <a href=\"https:\/\/koreajoongangdaily.joins.com\/news\/2025-08-18\/business\/industry\/Welcome-Financial-Group-lending-unit-suffers-ransomware-attack-internal-documents-exposed\/2378284\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">was hit by a ransomware attack<\/a>. A Russian-linked hacking group claimed it stole over a terabyte of internal files, including sensitive customer data, and even leaked samples on the dark web.<\/li>\n<li class=\"wp-block-list-item\">North Korea-linked hackers, believed to be the Kimsuky group, have been spying on foreign embassies in South Korea for months by disguising their attacks as routine diplomatic emails. According to Trellix, the campaign has been active <a href=\"https:\/\/therecord.media\/north-korean-hackers-target-foreign-embassies?\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">since March and has targeted at least 19 embassies and foreign ministries<\/a> in South Korea.\u00a0<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\" id=\"h-september-2025-nbsp-nbsp\">September 2025\u00a0\u00a0<\/h2>\n<ul class=\"wp-block-list\">\n<li class=\"wp-block-list-item\">KT, one of South Korea\u2019s biggest telecom operators, has reported a cyber breach that exposed subscriber data from more than 5,500 customers. The attack was linked to illegal \u201cfake base stations\u201d that tapped into KT\u2019s network, enabling hackers to intercept mobile traffic, steal information like IMSI, IMEI, and phone numbers, and even make unauthorized micro-payments.\u00a0<\/li>\n<\/ul>\n<p class=\"wp-block-paragraph\">In light of the recent surge in hacking incidents, the South Korean Presidential Office\u2019s National Security is stepping in to tighten defenses, <a href=\"https:\/\/www.lightreading.com\/regulatory-politics\/south-korea-forms-interagency-body-to-curb-data-breaches-as-kt-reports-new-incidents?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">pushing for a cross-ministerial effort that brings multiple agencies together in a coordinated<\/a>, whole-of-government response.\u00a0\u00a0<\/p>\n<p class=\"wp-block-paragraph\">In September 2025, the National Security Office announced that it would implement <a href=\"https:\/\/en.yna.co.kr\/view\/AEN20250922008700315\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">\u201ccomprehensive\u201d cyber measures<\/a> through an interagency plan, led by the South Korean president\u2019s office. Regulators also signaled a legal change giving the government power to launch probes <a href=\"https:\/\/www.ajupress.com\/view\/20250922154604642\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">at the first sign of hacking \u2014 even if companies haven\u2019t filed a report<\/a>. Both steps aim to address the lack of a first responder that has long hindered South Korea\u2019s cyber defenses.\u00a0<\/p>\n<p class=\"wp-block-paragraph\">But South Korea\u2019s fragmented system leaves accountability weak, placing all authority in a presidential \u201ccontrol tower\u201d could risk \u201cpoliticization\u201d and overreach, according to Pak.\u00a0\u00a0<\/p>\n<p class=\"wp-block-paragraph\">A better path may be balance: a central body to set strategy and coordinate crises, paired with independent oversight to keep power in check. In a hybrid model, expert agencies like<a href=\"https:\/\/www.kisa.or.kr\/EN\" target=\"_blank\" rel=\"noreferrer noopener nofollow\"> KISA<\/a> would still handle the technical work \u2014 just with more straightforward rules and accountability, Pak told TechCrunch.\u00a0\u00a0<\/p>\n<p class=\"wp-block-paragraph\">When reached for comment, a spokesperson for the South Korea\u2019s Ministry of Science in ICT said the ministry, with KISA and other relevant agencies, is \u201ccommitted to addressing increasingly sophisticated and advanced cyber threats.\u201d\u00a0\u00a0<\/p>\n<p class=\"wp-block-paragraph\">\u201cWe continue to work diligently to minimize potential harm to Korean businesses and the general public,\u201d the spokesperson added.<\/p>\n<p class=\"wp-block-paragraph\"><em>This article was originally published on September 30.<\/em><\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/techcrunch.com\/2025\/10\/04\/a-breach-every-month-raises-doubts-about-south-koreas-digital-defenses\/\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>South Korea is world-famous for its blazing-fast internet, near-universal broadband coverage, and as a leader in digital innovation, hosting global tech brands like Hyundai, LG,<\/p>\n","protected":false},"author":1,"featured_media":100307,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[178],"tags":[],"class_list":["post-100306","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tech"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/neclink.com\/index.php\/wp-json\/wp\/v2\/posts\/100306","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/neclink.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/neclink.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/neclink.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/neclink.com\/index.php\/wp-json\/wp\/v2\/comments?post=100306"}],"version-history":[{"count":0,"href":"https:\/\/neclink.com\/index.php\/wp-json\/wp\/v2\/posts\/100306\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/neclink.com\/index.php\/wp-json\/wp\/v2\/media\/100307"}],"wp:attachment":[{"href":"https:\/\/neclink.com\/index.php\/wp-json\/wp\/v2\/media?parent=100306"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/neclink.com\/index.php\/wp-json\/wp\/v2\/categories?post=100306"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/neclink.com\/index.php\/wp-json\/wp\/v2\/tags?post=100306"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}