More than 9,200 hacking attempts target South Korean military in six months

South Korea’s military said it intercepted more than 9,200 hacking attempts in the first six months of 2025, a nearly 45 percent increase from the same period last year, with most attacks believed to have originated from North Korea.

According to data provided to The Korea Herald by Representative Yu Yong-weon of the opposition People Power Party, the military recorded 9,262 cyber intrusion attempts between January and June. Of those, 9,193 targeted official military homepages, while 69 were email-based hacking attempts. No malicious code infiltrations were detected during the period.

Military officials confirmed that all attempted attacks were blocked and caused no damage. The surge represents a significant escalation from previous years, when 6,401 incidents were reported in the first half of 2024, 6,805 in 2023, 4,943 in 2022, and 6,146 in 2021.

South Korea’s Cyber Operations Command told Yu’s office that while precise attribution is difficult, the majority of attempts are presumed to have been carried out by North Korea. The assessment was based on correlations between IP routing locations and intrusion patterns.

“The military is maintaining a firm cyber readiness posture by advancing its response system,” the command said in a statement.

Yu warned that the unprecedented volume of intrusion attempts should be viewed as a critical warning sign. “Only one intrusion of the military network can cause fatal damage to the command-and-control system as well as critical information assets,” he said. He urged military authorities to strengthen awareness through more frequent security drills, system maintenance, and officer training, while implementing robust countermeasures.

He also called on the government to revise cybersecurity laws, including establishing a centralized “control tower” for cyber defense under the direct supervision of President Lee Jae Myung. Yu argued such a move is necessary to address increasingly advanced threats at the national level.

The trend is not confined to the military. Cyberattacks against defense industry firms also spiked in 2024, with 16 cases reported, up from four in 2023, two in 2022, and five in 2021. However, Yu’s office noted that full figures are difficult to determine because defense contractors manage their own systems independently under the Defence Technology Security Act, which requires companies to operate their own technology security systems.