TIME SINCE MOST RECENT KOREAN CYBERSECURITY FAILURE

Recent Incidents

Previous record time without failure: 69 days
hack | high | 4/1/2026

President Yoon Staff Email Breach

South Korean President's office staff

Presumed North Korean hackers breached personal emails of a staff member in President Yoon Suk Yeol's office. The incident highlights ongoing espionage risks to government communications. Response included enhanced security measures.

#North Korea #government #espionage

hack | medium | 4/1/2026

GitHub C2 in Multi-Stage Attacks Targeting South Korea

South Korean organizations

The North Korea-linked Kimsuky group used GitHub as command-and-control in multi-stage phishing attacks against South Korean organizations. The campaigns involved decoy PDFs and PowerShell scripts for profiling and data exfiltration to GitHub repos. This reflects living-off-the-land techniques for persistence.

#North Korea #Kimsuky #phishing #C2

hack | high | 3/26/2026

North Korean hackers blamed for hijacking popular Axios open source project

Axios software (impacting South Korean infrastructure)

The North Korea-linked UNC1069 group breached the Axios open-source software via a malicious update released early this week, aiming to steal login details. The software underpins much of the internet's infrastructure, potentially affecting South Korean services. The malicious code was removed after detection.

#supply chain #North Korea #malware

leak | high | 3/13/2026

South Korea's ISMS-P Certification Program Under Fire Following Multiple Data Leaks

Multiple ISMS-P Certified Companies (Under Armour Korea, Lotte Card, Coupang)

Statistics released by the Personal Information Protection Commission (PIPC) on March 13, 2026, revealed that 27 out of 263 ISMS-P certified companies have suffered a total of 33 major data leaks over the past five years. The crisis was triggered by high-profile breaches at organizations that had recently received state cybersecurity certification, including Under Armour Korea and Lotte Card (which suffered a breach just 48 hours after receiving certification).

#certification failure #regulatory oversight #data protection #multiple breaches

hack | Medium | 3/4/2026

Phishing Gang Arrested for Stealing 800 Million Won

Virtual Wallets (Korean Phishing Gang)

Seoul Police arrested 7 members of a phishing gang that stole 800 million won from virtual wallets. The arrests occurred around March 4, 2026. This highlights ongoing phishing threats in South Korea's crypto sector.

#phishing #crypto #virtual wallets

leak | High | 3/4/2026

Full Data of NR Capital (South Korea) Allegedly Leaked

NR Capital

Cybersecurity intelligence identified a high-priority 'Total Disclosure' listing of NR Capital's full data on secondary marketplaces following the March 4, 2026 takedown of the LeakBase forum. The exfiltrated dataset suggests a complete server-side export of sensitive financial data. This breach heightens risks for phishing and credential stuffing in South Korea's financial sector.

#data breach #financial #leakbase