South Korea
-
Kimsuky uses fake Webex pages and HTTPSpy in South Korea attacks
Kimsuky targeted South Korean military and corporate entities in March and April 2026 with fake security pages, counterfeit Webex lures and a new HTTPSpy malware variant, according to technical analyses from ENKI and Kaspersky.
-
MuddyWater hackers targeted South Korean electronics maker in broad espionage campaign
MuddyWater targeted at least nine organizations in a cyberespionage campaign that included a major South Korean electronics maker, government agencies and an airport, according to Symantec. The group used DLL sideloading, PowerShell and other legitimate tools.
-
Hacker Threw MacBook Air in River after Breach that Exposed 33.7 Million Accounts
Investigators recovered a MacBook Air thrown into a river after a breach that exposed data for 33.7 million users. The company detailed a 1.685 trillion won compensation package and a government-led probe to manage the response.
-
South Korea to require facial scans for new mobile accounts to curb scams
The South Korean government will require facial recognition scans for new mobile accounts to curb scams, using biometric data stored in carriers’ PASS apps, after major data breaches and a large compensation order for SK Telecom customers.
-
Coupang says data breach exposed 33.7 million customer records
Coupang has acknowledged a data breach affecting about 33.7 million domestic customer accounts, exposing names, contact details, shipping addresses and partial order histories; the company says credentials and payment card data were not accessed, has notified authorities and is investigating.
-
Qilin ransomware deployed in supply-chain attack hits South Korean financial firms
Security researchers say a supply‑chain compromise of a managed service provider enabled Qilin ransomware to hit multiple South Korean financial firms in September 2025, stealing more than 1 million files and about 2 TB of data in a campaign researchers call “Korean Leaks.”
-
North Korea‑linked Kimsuky uses HttpTroy backdoor in spear‑phishing attack on South Korea
Security vendor Gen Digital said DPRK‑linked Kimsuky used a ZIP‑based spear‑phishing lure to deliver a three‑stage malware chain culminating in a new HttpTroy backdoor that provides extensive remote control and uses layered obfuscation.
-
ScarCruft Uses RokRAT in HanKook Phantom Campaign Targeting South Korea
Researchers have uncovered a targeted phishing campaign by North Korea-linked ScarCruft (APT37), dubbed Operation HanKook Phantom, that delivers RokRAT to South Korean academics, former officials, and researchers via a manipulated LNK attack chain and PowerShell-based payloads. The campaign exfiltrates data to multiple cloud services and uses decoy documents tied to high-profile statements.
-
State-sponsored XenoRAT campaign targets South Korean embassies, researchers say
A Trellix-led analysis describes a multi-phase, state-sponsored XenoRAT espionage campaign targeting South Korean embassies, with links to North Korea’s Kimsuky and indications of possible China-based sponsorship. The operation has conducted at least 19 spearphishing attacks since March, delivering XenoRAT via password-protected ZIP archives and complex, multilingual lures.
-
SK Telecom Confirms Massive Malware Breach Impacting Millions of Subscribers
SK Telecom has confirmed a substantial cybersecurity breach affecting the USIM data of around 27 million subscribers, with malware traces dating back to 2022. The company is taking extensive measures to secure its network, including offering free SIM replacements for affected customers.










