Korea is world-renowned for hosting global technology brands such as Hyundai, LG and Samsung as a leader in fiery high-speed internet, nearby broadband coverage and digital innovation. However, this highly successful set the country a major target for hackers and revealed how vulnerable cybersecurity defenses are.
The country has swayed from a series of well-known hacks, affecting credit card companies and communications, and affecting the vast stripes of Koreans. In both cases, ministries and regulators seemed to scramble in parallel, sometimes postpone each other rather than move in unison.
Critics argue that South Korea's cyber defense is hampered by a fragmented system of government ministries and agencies, and local media reports often lead to slow, uncoordinated responses.
With no clear government agencies acting as “first responders” following cyberattacks, the country's cyber defense is struggling to respond to its digital ambitions.
“The government's approach to cybersecurity is primarily reactive and treats it as a crisis management issue rather than a critical national infrastructure,” Brian Pack, chief executive of the theory of a Seoul-based cybersecurity company, told TechCrunch.
Pak, who also serves as an advisor to the SK Telecom parent company's special committee on cybersecurity innovation, told TechCrunch that government agencies responsible for cybersecurity work in silos often develop skilled workers in digital defense and training.
The country also faces a severe shortage of skilled cybersecurity professionals.
“That's mostly because current approaches have hindered the development of the workforce. This lack of talent creates a vicious cycle. Without sufficient expertise, it is impossible to build and maintain the aggressive defenses needed to stay ahead of the threat,” Pack continued.
The political impasse has developed a habit of seeking a quick and obvious “quick fix” after each crisis, Pack said.
This year alone, there have been major cybersecurity incidents in Korea every month, further raising concerns about the resilience of South Korea's digital infrastructure.
January 2025
GS Retail, the operator of South Korea's convenience stores and grocery markets, has confirmed a data breaches that reveal the personal information of around 90,000 customers after the website was attacked between December 27th and January 4th.
February 2025
April and May 2025
South Korean part-time job platform Albamon was hit by a hacking attack on April 30th. The violation has exposed resumes of more than 20,000 users, including names, phone numbers and email addresses. In April, South Korean telecommunications giant SK Telecom was hit by a major cyber attack. Hackers stole the personal data of around 23 million customers. This is half the country's population. Much of the aftermath of the cyberattack continued into May, where millions of customers were offered new SIM cards following the violation.
June 2025
South Korea's online ticketing and retail platform Yes24 was hit by a ransomware attack on June 9th, bringing its services offline. The confusion lasted for about four days, and by mid-June the company had returned online.
July 2025
August 2025
Yes 24 faced a second ransomware attack in August 2025, taking its website and services offline for several hours. Hackers broke into Lotte Card, a Korean financial services company that issues credit and debit cards between July 22nd and August. The violation is believed to have exposed around 200GB of data and affected around 3 million customers. The violation was not overlooked for about 17 days until the company discovered it on August 31st. Welcom Financial: In August 2025, Welcom Financial Group's lending arm, Wellrics F&I, was hit by a ransomware attack. The hacking group linked to Russia claimed it had stolen terabytes of internal files, including sensitive customer data and even leaked samples on the dark web. A North Korean-linked hacker, believed to be a Kimsky group, has been spying on South Korea's foreign embassies for months by disguising their attacks as everyday diplomatic emails. According to Trellix, the campaign has been active since March and targets at least 19 embassies and the Ministry of Foreign Affairs in South Korea.
September 2025
According to the Genians Security Center, North Korean hacking group Kimsuky used deepfake images generated by AI in a July spear phishing attempt against South Korean military organizations. The group also targets other Korean institutions. KT, one of South Korea's largest telecom operators, reports cyber violations that publish subscriber data from over 5,500 customers. The attack was linked to illegal “fake base stations” that leveraged KT's network, allowing hackers to intercept mobile traffic, steal information such as IMSI, IMEI, phone numbers, and even create fraudulent micropays.
In light of the recent surge in hacking incidents, the South Korean Presidential Office's national security has stepped in to strengthen defenses and pushed efforts to send mining businesses that are collaborative and link multiple agencies with a national government response.
In September 2025, the National Security Agency announced that it would implement “comprehensive” cyber countermeasures through an inter-ministerial plan led by the South Korean Presidential Office. Regulators also pointed to legal changes that grant government authority to launch probes at the first indication of hacking, even if the company has not filed a report. Both steps aim to address the lack of first responders that have long hampered South Korea's cyber defense.
However, South Korea's fragmented system weakens accountability and places all powers on the president's “control tower,” which, according to Pak, allows for “politicization” and overreach.
A better path may be balanced. It's a central body for setting strategies and adjusting crisis, combined with independent surveillance to hold back power. In the hybrid model, experts like Kisa will still handle technical work. With simpler rules and accountability, Pak told TechCrunch.
When asked for comment, a spokesman for the South Korean Ministry of Science for ICT said, together with KISA and other related agencies, “we are committed to tackling increasingly sophisticated and sophisticated cyber threats.”
“We continue to work diligently to minimize potential harm to Korean businesses and the general public,” the spokesman added.