203 DDoS Reports Against Private Firms in Q1
Last Month, Eight Targets Included Foreign Ministry and LH
Foreign Hacker Groups Continue Penetration of Korea
AI Lowers the Barrier to Seizing Infrastructure
“We Need AI-Based, Multi-Layered Defenses
and Government Support for Cybersecurity”
Last Month, Eight Targets Included Foreign Ministry and LH
Foreign Hacker Groups Continue Penetration of Korea
AI Lowers the Barrier to Seizing Infrastructure
“We Need AI-Based, Multi-Layered Defenses
and Government Support for Cybersecurity”
This year’s first quarter saw 203 reported DDoS (distributed denial-of-service) incidents against South Korean private companies—about 34.5% of last year’s total—according to industry data. Experts say the rise reflects the spread of cyberwarfare to Korea amid global conflicts and rapid advances in artificial intelligence. If the trend continues, analysts warn, DDoS attacks could escalate to the point of crippling national infrastructure.
On May 6, the Korea Internet & Security Agency (KISA) reported that private companies and institutions filed 203 DDoS complaints in Q1. KISA’s annual counts for private-sector DDoS reports climbed from 213 in 2023 to 285 in 2024 and 588 in 2025. This year’s increase has accelerated further; a straight-line projection puts the year-end total near 812 incidents—roughly 38% higher than last year. In a DDoS attack, adversaries flood a network or system with massive malicious traffic to overload it and disrupt normal operations.
Attacks have not been limited to private firms; government ministries and major infrastructure operators are also being targeted. Pro-Russian group NoName057(16) claimed on Telegram last month that it launched DDoS attacks against more than eight Korean institutions, including the Ministry of Foreign Affairs, the Ministry of Trade, Industry and Energy, Korea Land & Housing Corporation (LH) and Korea Hydro & Nuclear Power. The group criticized South Korea’s support for Ukraine. The Foreign Ministry’s website briefly went offline on the afternoon of the 17th before service was restored. KISA warned last month that DDoS attacks by foreign hacking groups targeting Korean government, public and private organizations have continued amid the Russia-Ukraine war and conflicts in the Middle East, and urged organizations to strengthen defenses. DDoS is not new, but its role in broader cyberwarfare is growing. Following the war in Ukraine and renewed fighting in the Middle East, groups such as NoName057(16), ReaperSec and BD Anonymous have intensified hacktivist campaigns that reflect their patrons’ political positions. These actors increasingly strike adversary states as well as sympathetic third countries and institutions, bringing South Korea into their operational orbit. U.S. security firm Cyble warned in a January report that “hacktivists this year will demonstrate presence across energy, transportation and healthcare sectors,” and that attacks against major infrastructure in Taiwan, the Baltic states and South Korea may be framed as ransom demands but are likely driven by geopolitical aims.
The integration of AI raises the stakes further, increasing the likelihood that DDoS-driven hacktivism could achieve infrastructure-level disruption. Kim Ho-kwang, CEO of Betalabs, said, “Website outages are no longer the endpoint. The spike in DDoS reports signals more severe attacks to come. With AI, attackers can more easily compromise government servers to broadcast false messages or take control of critical systems.” A recent example cited by analysts is the March attack on U.S. medical-device maker Stryker by pro-Iran group Handala, which deleted internal payment-system data and disrupted the company’s supply chain. The Wall Street Journal described that incident as “the most significant wartime cyberattack” in U.S. history.
Security experts say a national-security-level response is needed. Kim urged that authorities raise the threat posture and deploy AI-driven, multi-layered defenses, noting, “We now live in an era where AI finds security vulnerabilities far faster than humans.” Yom Heung-ryeol, emeritus professor of information security at Soonchunhyang University, added, “Network appliances and services that stop DDoS attacks are costly, so individual organizations cannot adopt them comprehensively. The government should consider support from a cybersecurity and national-security perspective.”
- [Exclusive] Prosecutors Probe Samsung Semiconductor Lines…Moving to Bolster Expertise on Tech-Leak Investigations
- “Grab a Pizza and Head to Church” — Full House at a New York Cathedral as Gen Z Reshapes U.S. Worship [Park Sijin’s Global Pick]
- “If I Report It, the Loss Is Only ₩2,000 (about $1.50)”…Small-Business Owners at Their Wits’ End
- Will July Bring Changes to Special Land Tax and Market-Value Rules? “More Listings Could Hit Gangnam’s Top Districts” [KoJubu]
- South Korea’s Version of SpaceX? Hanwha Moves to Buy More KAI Shares by Year-End [Biz-Plus]
- Housing Outlook Slumps Under Regulation…Seoul Metro Prices “Still Rising”
- “No Cure, No Vaccine” — Respiratory Collapse and Organ Damage Reports Raise Alarms Over Possible Human-to-Human Spread
- [Exclusive] Science Talent Awards Budget Cut from ₩2.1 Billion (approximately $1,575,000) to ₩1.6 Billion (approximately $1,200,000)…“We Can’t Even Cover Judges’ Travel”
- 2028? 2029? When Will Wartime OPCON Transfer Happen…Lee: “We Must Be Ready to Operate Independently” [Lee Hyun-ho’s Military!Talk]
- “Fifth-Generation Indemnity” Cuts Low-Severity Coverage and Lowers Premiums…Set to Launch on the 6th
