Ministry of Science and ICT Announces Cyber Threat Trends for First Half of the Year
Over 1,000 Cyber Incident Reports in First Half
Large-Scale Cases Include SKT USIM Hacking and Yes24 Ransomware
The number of reported cyber incident cases in the first half of this year increased by 15% compared to the same period last year. Several incidents caused significant inconvenience to users, such as the SK Telecom USIM hacking incident and the ransomware infections at Yes24 and SGI Seoul Guarantee. In response, the government plans to introduce artificial intelligence (AI) to enhance incident response capabilities.
The Ministry of Science and ICT and the Korea Internet & Security Agency (KISA) announced the "Domestic Cyber Threat Trends for the First Half of 2025" on August 8, which includes these findings.
In the first half of this year, the number of reported cyber incident cases rose from 899 in the first half of last year to 1,034, marking an increase of approximately 15%. By industry, the information and communications sector accounted for the highest proportion of incidents at 32%, with the number of cases in this sector increasing by 29% compared to the same period last year. This was followed by manufacturing (157 cases), wholesale and retail (132 cases), and associations and similar organizations (59 cases).
Major incidents in the first half of this year included a large-scale USIM information leak at SK Telecom, a ransomware infection at Yes24, and hacking incidents at virtual asset exchanges.
For the SKT incident that occurred in April, the government formed a joint public-private investigation team in light of the seriousness of the case. Through forensic analysis and on-site investigations, the team concluded that the incident resulted from poor account management, insufficient encryption of sensitive information, and violations of relevant laws and regulations.
The Ministry of Science and ICT plans to use this incident as an opportunity to establish a robust cybersecurity system to counter increasingly sophisticated cyber threats, while also promoting the introduction of AI across all aspects of incident response.
Ransomware infection incidents also occurred in succession. Online bookstore Yes24 and SGI Seoul Guarantee suffered ransomware infections that led to major service disruptions. The Ministry of Science and ICT emphasized, "Given that backup systems are also being infected during ransomware incidents, companies must adhere to security guidelines for ransomware prevention, including safe backup management, regular recovery drills, and the application of the latest security patches."
Virtual asset hacking continued both domestically and internationally in the first half of this year, following last year. Attacks on virtual asset exchanges often penetrated through security vulnerabilities in partner companies. The Ministry of Science and ICT advised, "Companies should establish security management systems for their entire supply chain related to virtual asset services and strengthen ongoing information protection activities."
'Credential stuffing' incidents, which exploit leaked account information, are also continuing. Account information leaked via the dark web is being traded and used to log in to other websites to steal personal information. To prevent such incidents, companies should implement multi-factor authentication systems and establish zero-trust-based mechanisms to block abnormal user access. Users should also use different passwords for each website.
Choi Woo-hyuk, Director of Information Security Network Policy at the Ministry of Science and ICT, stated, "The government is actively introducing AI specialized for cybersecurity throughout the entire incident response cycle, including detection, response, investigation, and analysis, in order to counter increasingly intelligent and sophisticated cyber threats." He added, "We will strive to minimize damage to individuals and businesses, such as personal information leaks, through proactive detection and response to incidents."
Meanwhile, the 2025 first half Cyber Threat Trends Report can be found on the KISA Boho Nara website.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
