South Korea’s cyber landscape has recently been marked by a troubling increase in ransomware attacks and data breaches, raising significant concerns about the nation’s digital defenses. Prominent attacks have targeted large South Korean firms like Yes24 and Welrix F&I. On top of that, a record-setting data breach drove GS Retail out of business. These happenings highlight an alarming new trend in the world of cyber threats, one that is wreaking havoc on corporate assets and personal information.
In August 2025, Yes24, South Korea’s top online ticketing and retail platform, suffered its second cyber attack in a few months. The attack brought the site and its supporting services down for many hours and compounded the disruption caused by a previous attack on June 9, 2025. That earlier breach took its services offline for four days, an extended outage that led to the cancellation of dozens of concerts and even more devastating business losses across South Korea. Yes24 successfully resumed operations by mid-June, but the recent attack indicates ongoing vulnerabilities within its cybersecurity infrastructure.
Then there’s the lending unit of Welcome Financial Group, Welrix F&I, which suffered a ransomware incident in August 2025. Information regarding this particular incident has so far been limited. More importantly, it sheds light on the COVID-19-related cyber threats South Korean companies are experiencing on a massive scale.
The reality of these cyber threats goes beyond individual companies. GS Retail acknowledged a data breach that compromised the personal data of almost 90,000 consumers. The new security failure allowed attackers to inject malicious code into the website from December 27, 2022, through January 4, 2023. On April 30, 2025, Albamon, a South Korean part-time job platform, disclosed a major data breach. This leak released the resumes and other personal data of more than 20,000 users—including names, phone numbers, messages and email addresses—into the wild.
Lotte Card, one of South Korea’s largest financial services providers, recently experienced a cyber breach. The hack exposed approximately 200GB of data, impacting an estimated 3 million customers. KT Corporation, the second-largest telecom operator in the country, is the latest victim to have a major cyber breach made public. This breach put subscriber information for over 5,500 subscribers at risk.
Topping these concerns are increasingly advanced attacks, many of which have been traced back to North Korea-based saboteurs, such as the Kimsuky hacking group. In July 2025, this same group carried out a cyberattack on multiple South Korean entities, including a defense-related institution. They used AI-generated deepfake images as part of a spear-phishing campaign against a military institution. This tactic is representative of an evolving threat landscape, one where attackers are increasingly using advanced technology to augment and automate their tactics.
Additionally, reports indicate that the Kimsuky group has been surveilling foreign embassies in South Korea for several months, disguising their operations as routine diplomatic communications. Such activity presents serious national security risks and calls into question the overall resilience of South Korea’s military defense to external cyber threats.
In mid-February 2025, hackers stole $180 million from Wemix, the blockchain subsidiary of Korean gaming giant Wemade. As a result, the company incurred a huge loss of $6.2 million. Just two months later, SK Telecom fell victim to another serious cyberattack, underscoring the poor state of cyber resiliency in the telecom sector.
On September 7, 2025, South Korea’s National Security Office (NSO) released a new, audacious countermeasure to mounting threats. They will roll out widespread cybersecurity standards via a whole-of-government approach, spearheaded by the presidentially-appointed interagency process. This plan is a crucial first step to strengthen the nation’s cybersecurity infrastructure and fight against the growing epidemic of cybercrime.
Brian Pak, a cybersecurity policy specialist, said the federal government’s prevailing cybersecurity strategy has serious shortcomings.
“The government’s approach to cybersecurity remains largely reactive, treating it as a crisis management issue rather than as critical national infrastructure.” – Brian Pak
He added that this reactive approach limits the ability to build the cybersecurity talent pipeline.
“[That’s] mainly because the current approach has held back workforce development. This lack of talent creates a vicious cycle. Without enough expertise, it’s impossible to build and maintain the proactive defenses needed to stay ahead of threats.” – Brian Pak
To ease concerns, a spokesman for South Korea’s Ministry of Science and ICT gave the following statement. They are doing incredible things every day to fight against these challenges.
“We continue to work diligently to minimize potential harm to Korean businesses and the general public.” – spokesperson for South Korea’s Ministry of Science and ICT