South Korea’s military has reported a significant surge in cyberattacks, with over 9,200 hacking attempts in the first half of 2025—an increase of 45% compared to the same period last year. The majority of these attacks are believed to originate from North Korea, highlighting the escalating cyber threat landscape in the region.
According to data provided to The Korea Herald by the office of Representative Yu Yong-weon of the main opposition People Power Party, the South Korean military faced 9,262 cyber intrusions between January and June 2025. Of these, 9,193 targeted the military’s official homepages, while 69 were email hacking attempts. No malicious code attacks were detected during this period. The military confirmed that all cyberattacks were successfully blocked, preventing any damage.
Historical data reveals a troubling trend: the number of attempted breaches has been steadily rising. In the first half of 2021, there were 6,146 attacks, followed by 4,943 in 2022, 6,805 in 2023, and 6,401 in 2024. The 2025 figures represent a 44.7% increase compared to the same period in 2024, underscoring the growing sophistication and frequency of cyber threats.
South Korea’s Cyber Operations Command attributed many of these attacks to North Korea, citing correlations between the routing IP addresses and the locations of the intrusion attempts. “We cannot precisely identify the actors behind the cyber intrusion attempts, but it is presumed that the majority were conducted by North Korea,” the command stated. Despite this, the military maintains a firm cyber readiness posture, continuously advancing its response systems.
Representative Yu Yong-weon emphasised the gravity of the situation, stating that “the fact that cyber intrusions targeting our military’s internet network marked an all-time high is actually a grave warning sign.” He warned that even a single successful intrusion could cause catastrophic damage to command-and-control systems and critical information assets. Yu called for enhanced security measures, including regular cyber intrusion simulations, strengthened security education for military personnel, and the establishment of a centralised cybersecurity control tower under direct presidential supervision.
Beyond direct military targets, cyberattacks on defence industry companies have also surged. In 2024, there were 16 reported cases of cyberattacks on defence contractors, a sharp rise from previous years. However, identifying the total number of breaches remains challenging due to the independent management of security systems under South Korea’s Defence Technology Security Act.
As cyber threats continue to evolve, South Korea must adapt its defence strategies to counter these sophisticated attacks. The escalating cyber warfare between the two Koreas underscores the need for robust cybersecurity frameworks, cross-sector collaboration, and proactive measures to safeguard national security.