Korea Cyber Monitor - South Korean Cybersecurity Incident Tracker

TIME SINCE MOST RECENT KOREAN CYBERSECURITY FAILURE

DAYS

HOURS

MINUTES

SECONDS

Recent Incidents

Previous record time without failure: 69 days

View All →

leakhigh5/28/2026

Personal Information Leaked from Government Websites

Government24 / Ministry of the Interior and Safety / related public institutions

South Korea's Personal Information Protection Committee announced fines over multiple personal data leaks tied to the Government24 service and related institutions. The incidents exposed sensitive information such as student life records, tax payment certificates, and resident registration details for 1,233 people, with additional exposure affecting parking lot manager information and other records.

#data breach#personal information#government#public records

hackhigh5/13/2026

Hacker Repatriated for Stealing Data of BTS, Conglomerate Leaders

Multiple domestic websites (victims included BTS, conglomerate leaders, venture companies)

A Chinese national hacker was forcibly repatriated from Thailand to South Korea after being arrested for leading a hacking organization that stole personal information from multiple domestic websites. The group used stolen data to create fraudulent 'budget phones' and embezzled over 38 billion Korean won.

#data breach#identity theft#fraud#international hacking#personal information

hackhigh4/1/2026

President Yoon Staff Email Breach

South Korean President's office staff

Presumed North Korean hackers breached personal emails of a staff member in President Yoon Suk Yeol's office. The incident highlights ongoing espionage risks to government communications. Response included enhanced security measures.

#North Korea#government#espionage

hackmedium4/1/2026

GitHub C2 in Multi-Stage Attacks Targeting South Korea

South Korean organizations

North Korean-linked Kimsuky group used GitHub as command-and-control in multi-stage phishing attacks against South Korean organizations. Campaigns involved decoy PDFs, PowerShell scripts for profiling and data exfiltration to GitHub repos. This reflects living-off-the-land techniques for persistence.

#North Korea#Kimsuky#phishing#C2

hackhigh3/26/2026

North Korean hackers blamed for hijacking popular Axios open source project

Axios software (impacting South Korean infrastructure)

North Korea-linked UNC1069 group breached Axios open-source software via a malicious update released early this week, aiming to steal login details. The software underpins much of the internet's infrastructure, potentially affecting South Korean services. Malicious code was removed after detection.

#supply chain#North Korea#malware

leakhigh3/13/2026

South Korea's ISMS-P Certification Program Under Fire Following Multiple Data Leaks

Multiple ISMS-P Certified Companies (Under Armour Korea, Lotte Card, Coupang)

Statistics released by the Personal Information Protection Commission (PIPC) on March 13, 2026, revealed that 27 out of 263 ISMS-P certified companies have suffered a total of 33 major data leaks over the past five years. The crisis was triggered by high-profile breaches at organizations that had recently received state cybersecurity certification, including Under Armour Korea and Lotte Card (which suffered a breach just 48 hours after receiving certification).

#certification failure#regulatory oversight#data protection#multiple breaches