Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label South Korea. Show all posts
South Korea
Cyber Security Data Breach Shinhan Card South Korea

Shinhan Card Probes Internal Data Leak Affecting About 190,000 Merchants

 

Shinhan Card, South Korea’s largest credit card issuer, said on December 23 that personal data linked to about 190,000 merchant representatives was improperly accessed and shared by employees over a three year period, highlighting ongoing concerns around internal data controls in the country’s financial sector. 

The company said roughly 192,000 records were leaked between March 2022 and May 2025. The exposed information included names, mobile phone numbers, dates of birth and gender details of franchise owners. 

Shinhan Card said no resident registration numbers, card details or bank account information were involved and that the incident did not affect general customers. According to the company, the breach was uncovered after a whistleblower submitted evidence to South Korea’s Personal Information Protection Commission, prompting an investigation. 

Shinhan Card began an internal review after receiving a request for information from the regulator in mid November. Investigators found that 12 employees across regional branches in the Chungcheong and Jeolla areas had taken screenshots or photos of merchant data and shared them via mobile messaging apps with external sales agents. 

The information was allegedly used to solicit new card applications from recently registered merchants, including restaurants and pharmacies. Shinhan Card said verifying the scale of the leak took several weeks because the data was spread across more than 2,200 image files containing about 280,000 merchant entries in varying formats. 

Each file had to be checked against internal systems to confirm what information was exposed. Chief Executive Park Chang hoon issued a public apology, saying the leak was caused by unauthorized employee actions rather than a cyberattack. 

He said the company had blocked further access, completed internal audits and strengthened access controls. Shinhan Card said the employees involved would be held accountable. The company added that affected merchants are being notified individually and can check their status through an online portal. 

It said compensation would be provided if any damage is confirmed. The incident adds to a series of internal data misuse cases in South Korea’s financial industry. Regulators said they are assessing whether the breach violates national data protection laws and what penalties may apply. 

The Financial Supervisory Service said it has so far found no evidence that credit information was leaked but will continue to monitor the case. 

Analysts say the Shinhan Card case underscores the growing risk posed by insider misuse as financial institutions expand digital services and data driven operations, putting renewed focus on employee oversight and internal governance.
Read more »
South Korea
AI Cloud Coupang Cyber Security Data Leak Retail Store South Korea

Online Retail Store Coupang Suffers South Korea's Worst Data Breach, Leak Linked to Former Employee


33.7 million customer data leaked

Data breach is an unfortunate attack that businesses often suffer. Failing to address these breaches is even worse as it costs businesses reputational and privacy damage. 

A breach at Coupang that leaked the data of 33.7 million customers has been linked to a former employee who kept access to internal systems after leaving the organization. 

About the incident 

The news was reported by the Seoul Metropolitan Police Agency with news agencies after an inquiry that involved a raid on Coupang's offices recently. The firm is South Korea's biggest online retailer. It employs 95,000 people and generates an annual revenue of more than $30 billion. 

Earlier in December, Coupang reported that it had been hit by a data breach that leaked the personal data of 33.7 million customers such as email IDs, names, order information, and addresses.

The incident happened in June, 2025, but the firm found it in November and launched an internal investigation immediately. 

The measures

In December beginning, Coupang posted an update on the breach, assuring the customers that the leaked data had not been exposed anywhere online. 

Even after all this, and Coupang's full cooperation with the authorities, the officials raided the firm's various offices on Tuesday to gather evidence for a detailed enquiry.

Recently, Coupang's CEO Park Dae-Jun gave his resignation and apologies to the public for not being able to stop what is now South Korea's worst cybersecurity breach in history. 

Police investigation 

In the second day of police investigation in Coupang's offices, the officials found that the main suspect was a 43-year old Chinese national who was an employee of the retail giant. The man is called JoongAng, who joined the firm in November 2022 and overlooked the authentication management system. He left the firm in 2024. JoongAng is suspected to have already left South Korea. 

What next?

According to the police, although Coupang is considered the victim, the business and staff in charge of safeguarding client information may be held accountable if carelessness or other legal infractions are discovered. 

Since the beginning of the month, the authorities have received hundreds of reports of Coupang impersonation. Meanwhile, the incident has caused a large amount of phishing activity in the country, affecting almost two-thirds of its population.

Read more »
Technology
Data Centre data service company Government South Korea Technology

Government Operations in Chaos After South Korea Data Centre Fire




A massive disruption has struck South Korea’s government operations after a fire at a national data centre crippled hundreds of digital services, exposing serious weaknesses in the country’s technology infrastructure.

The incident occurred on Friday at the National Information Resources Service (NIRS) in Daejeon, where a blaze broke out during regular maintenance in a server room. The centre is a critical backbone of South Korea’s digital governance, hosting online platforms used by numerous ministries and agencies. Officials confirmed that out of 647 affected government systems, only 62 had been restored as of Monday.


Disruption Across Core Agencies

The outage has impacted major institutions, including Korea Customs, the National Police Agency, and the National Fire Agency, while even the Ministry of the Interior and Safety’s website remained inaccessible at the start of the week. With no clear timeline for complete restoration, authorities continue to work on recovering the systems.

Safety Minister Yun Ho-jung said that services were gradually coming back online, highlighting the return of Government24, the central online portal for public administration, and digital platforms operated by Korea Post. He acknowledged that the outage has caused widespread inconvenience and urged government bodies to cooperate to minimize disruptions as public demand for services increases during the work week.

President Lee Jae-myung publicly apologized for the breakdown, expressing concern that the government had not developed stronger contingency systems despite similar disruptions in the past. He directed ministries to urgently strengthen cybersecurity and propose emergency budgets for backup and recovery systems to prevent future incidents.

Preliminary findings suggest the fire began after a battery explosion in the facility. The battery, produced by LG Energy Solution and maintained by its affiliate LG CNS, was reportedly over ten years old and beyond its warranty period. According to the safety ministry, LG CNS had recommended replacement during an inspection last year, though the batteries continued to function at the time. The company has not issued further comments while investigations are underway.


Citizens Face Real-World Impact

The shutdown of online systems has forced residents to visit local offices in person for routine tasks such as obtaining ID cards, real estate documents, and school application forms.

A 25-year-old resident, Kim, said she had to delay travel plans to collect documents that were normally accessible online. Similarly, Kim Doo-han, 74, said he had to cancel his morning plans to visit a community service centre after hearing about the outage.

Officials working in these centres were seen noting down which services remained unavailable and manually assisting residents— a scene that highlighted the scale of the disruption and the country’s heavy reliance on digital governance.


Experts Warn of Complacency

Technology experts say the incident reflects insufficient preparedness for large-scale system failures. Lee Seong-yeob, a professor at Korea University, said national agencies should never experience such disruptions and urged the government to implement real-time backup and synchronization systems without delay.

As recovery efforts continue, authorities have cautioned that service interruptions could persist for several days. The government has promised to keep citizens informed as restoration progresses.






Read more »
South Korea
AI Apps AI technology Data Privacy data security DeepSeek Privacy privacy laws South Korea

South Korea Blocks DeepSeek AI App Downloads Amid Data Security Investigation

 

South Korea has taken a firm stance on data privacy by temporarily blocking downloads of the Chinese AI app DeepSeek. The decision, announced by the Personal Information Protection Commission (PIPC), follows concerns about how the company collects and handles user data. 

While the app remains accessible to existing users, authorities have strongly advised against entering personal information until a thorough review is complete. DeepSeek, developed by the Chinese AI Lab of the same name, launched in South Korea earlier this year. Shortly after, regulators began questioning its data collection practices. 

Upon investigation, the PIPC discovered that DeepSeek had transferred South Korean user data to ByteDance, the parent company of TikTok. This revelation raised red flags, given the ongoing global scrutiny of Chinese tech firms over potential security risks. South Korea’s response reflects its increasing emphasis on digital sovereignty. The PIPC has stated that DeepSeek will only be reinstated on app stores once it aligns with national privacy regulations. 

The AI company has since appointed a local representative and acknowledged that it was unfamiliar with South Korea’s legal framework when it launched the service. It has now committed to working with authorities to address compliance issues. DeepSeek’s privacy concerns extend beyond South Korea. Earlier this month, key government agencies—including the Ministry of Trade, Industry, and Energy, as well as Korea Hydro & Nuclear Power—temporarily blocked the app on official devices, citing security risks. 

Australia has already prohibited the use of DeepSeek on government devices, while Italy’s data protection agency has ordered the company to disable its chatbot within its borders. Taiwan has gone a step further by banning all government departments from using DeepSeek AI, further illustrating the growing hesitancy toward Chinese AI firms. 

DeepSeek, founded in 2023 by Liang Feng in Hangzhou, China, has positioned itself as a competitor to OpenAI’s ChatGPT, offering a free, open-source AI model. However, its rapid expansion has drawn scrutiny over potential data security vulnerabilities, especially in regions wary of foreign digital influence. South Korea’s decision underscores the broader challenge of regulating artificial intelligence in an era of increasing geopolitical and technological tensions. 

As AI-powered applications become more integrated into daily life, governments are taking a closer look at the entities behind them, particularly when sensitive user data is involved. For now, DeepSeek’s future in South Korea hinges on whether it can address regulators’ concerns and demonstrate full compliance with the country’s strict data privacy standards. Until then, authorities remain cautious about allowing the app’s unrestricted use.
Read more »
South Korea
cryptocurrency cryptocurrency theft cyber espionage Cyber Security IT Industry North Korea North Korea Hackers South Korea

Sanctions Imposed on North Korean Cyber Activities Supporting Nuclear Ambitions

 

South Korea has announced sanctions against 15 North Korean nationals and the Chosun Geumjeong Economic Information Technology Exchange Corporation for orchestrating schemes that finance North Korea’s nuclear weapons and missile programs. These measures target a global network involved in IT job fraud, cryptocurrency theft, and cyberattacks. 

The sanctioned individuals are linked to the 313th General Bureau, a division of North Korea’s Ministry of Munitions Industry. This bureau oversees the production and development of weapons and ballistic missiles. According to South Korea’s Peninsula Policy Bureau, these operatives are dispatched to countries such as China, Russia, Southeast Asia, and Africa. Using fake identities, they secure positions in international IT companies, generating revenue funneled back to the regime. 

Central to this operation is the Chosun Geumjeong Economic Information Technology Exchange Corporation. This organization plays a critical role by deploying IT professionals abroad and channeling significant financial resources to North Korea’s military projects. In recent years, North Korean operatives have increasingly infiltrated Western companies by posing as IT workers. This tactic not only generates revenue for the regime but also enables cyber espionage and theft. These workers have been found installing malware, stealing sensitive company data, and misappropriating funds. Some have even attempted to infiltrate secure software development environments. 

Despite the gravity of these actions, the stigma associated with hiring fraudulent workers has led many companies to keep such breaches private, leaving the true scope of the issue largely unknown. Additionally, South Korea accuses North Korea of being a major player in global cryptocurrency theft. A 2024 United Nations report found that North Korean hackers carried out 58 cyberattacks against cryptocurrency firms between 2017 and 2023, amassing approximately $3 billion in stolen funds. North Korean nationals have also reportedly violated international sanctions by earning income through employment in various industries, including construction and hospitality. 

These activities pose significant risks to the global cybersecurity landscape and international stability. South Korea asserts that the funds generated through these operations directly support North Korea’s nuclear and missile programs, emphasizing the need for a unified international response. By imposing these sanctions, South Korea aims to disrupt North Korea’s illicit financial networks and mitigate the broader risks posed by its cyber activities. 

This marks a crucial step in the global effort to counter the threats associated with Pyongyang’s nuclear ambitions and its exploitation of cyberspace for financial gain.
Read more »
Zero-day vulnerability
Cyber Crime Cyber Hackers CyberCrime Cybersecurity CyberThreat Internet Explorer Microsoft North Korea South Korea Zero-day vulnerability

Cyber Threat Alert for South Korea from North Korean Hackers

 


In a recent cyber-espionage campaign targeted at the United States, North Korean state-linked hacker ScarCruft recently exploited a zero-day vulnerability in Internet Explorer to distribute RokRAT malware to targets nationwide. APT37, or RedEyes as it is sometimes called, is one of the most notorious North Korean state-sponsored hacking groups, and its activities are thought to be aimed at cyber espionage. 

There is typically a focus on human rights activists from South Korea, defectors from the country, and political entities in Europe from this group. An unknown threat actor with ties to North Korea has been observed delivering a previously undocumented backdoor and remote access Trojan (RAT) called VeilShell as part of a campaign targeted at Cambodia and potentially other Southeast Asian countries, including Indonesia, Malaysia, and Thailand. 

Known to Securonix as SHROUDED#SLEEP, the activity is believed to have been carried out by APT37, which is also known as InkySquid, Reaper, RedEyes, Ricochet Chollima, Ruby Sleet, and ScarCruft as well as several other names. ScarCruft, also known as APT37, InkySquid, Nickel Foxcroft, Reaper, RedEyes, and Ricochet Chollima, is a state-sponsored cyber-espionage threat group that almost entirely targets South Korean individuals and organizations. 

It uses spear phishing to deliver customized tools via phishing, watering holes, and zero-days for Internet Explorer. It has been reported by AhnLab that APT37 compromised one of the servers of a domestic advertising agency. Hence, the purpose is to push specially crafted 'Toast ads' as a part of an unidentified free software that is widely used by South Koreans. As a result of the CVE-2024-38178 flaw found in the JavaScript 9.dll file (Chakra) of Internet Explorer used for displaying these advertisements, it caused the JavaScript file named 'ad_toast' to trigger remote code execution via CVE-2024-38178 in the JavaScript9.dll file.

There is a deep correlation between the malware that was dropped in this attack and the RokRAT malware, which ScarCruft has been using for years to launch attacks. In essence, RokRATs primary function is to exfiltrate to Yandex cloud instances every 30 minutes file matching 20 extension types (including .doc, .mdb, .xls, .ppt, .txt, .amr) that match these extensions. In addition to keylogging, Keylogger also monitors for changes made to the clipboard and captures screenshots (every three minutes) as well. 

In July 2022, ScarCruft, a North Korean threat actor who operates in North Korean cyberspace, began experimenting with oversized LNK files as a delivery route for RokRAT malware, just a couple of months after Microsoft began blocking macros by default across several Office documents. Check Point has released a new report on its technical analysis of RokRAT that concludes that the malware has not changed significantly over the years, but the deployment method has evolved. RokRAT now uses archives that contain LNK files, resulting in infection chains that move through multiple stages. 

As a result of this round of activity, is another indication of a major trend in the threat landscape, where both APTs, as well as cybercriminals, will try to overcome the restriction on macros coming from untrusted sources. Having made the news in the past few days, a new campaign with the intriguing name "Code on Toast," has raised serious concerns about the vulnerability of software still embedded in widely used systems, even after the retirement of Internet Explorer. According to a joint report by the National Cyber Security Center (NCSC) of South Korea, and AhnLab (ASEC), the incident occurred earlier this year. 

There was a unique way for these malware infections to be spread by using toast pop-up ads as how the campaign was delivered. There is a unique aspect of this campaign that focuses on the way ScarCruft distributes its malware through the use of toast notifications and small pop-ups that appear when antivirus software or free utilities are running. As a result of ScarCruft’s compromise of the server of a domestic ad agency in South Korea, a malicious "toast ad" made by ScarCruft was sent to many South Korean users through a popular, yet unnamed, free piece of software. 

To accomplish ScarCruft’s attack, a zero-day Internet Explorer vulnerability, CVE-2024-38178, with a severity rating of 7.5, must be exploited cleverly. As a consequence of this, Edge users in Internet Explorer mode can potentially execute remote code through a memory corruption bug in the Scripting Engine, which can result in remote code execution. This vulnerability was patched for August 2024 as part of Microsoft's Patch Tuesday update, part of this annual update program. 

By using toast notifications, typically harmless pop-up ads from anti-virus software or utility programs, the group silently delivered malware through a zero-click infection method using a zero-click virus delivery mechanism. As a result, it has become necessary for an attacker to convince a user to click on a URL that has been specially crafted to initiate the execution of malicious code to successfully exploit a vulnerability. 

Having used such advanced techniques, ScarCruft clearly emphasizes the need for South Korea's digital landscape to remain protected from such threats in the future. It is unfortunate that no matter how much effort is put into phasing out outdated systems, security vulnerabilities have caused problems in legacy components like Internet Explorer. Although Microsoft announced it would retire Internet Explorer at the end of 2022, many of the browser's components remain in Windows, or they are being used by third-party products, allowing threat actors to come across new vulnerabilities and exploit them for their purposes. As a result of this campaign, organizations will be reminded of the importance of prioritizing cybersecurity updates and maintaining robust defences against increasingly sophisticated cyber threats backed by governments.
Read more »
United States
Cyber Security Cyber Threats NATO South Korea United States

South Korea’s Rising Influence in Global Cybersecurity

 


South Korea’s Expanding Role in Global Cybersecurity

South Korea is emerging as a pivotal player in the global cybersecurity landscape, particularly against the backdrop of escalating tensions between the United States and China in cyberspace. By participating in high-profile cybersecurity exercises and fostering international collaborations, the country is bolstering its reputation as a key ally in both regional and global cyber defense initiatives.

Recently, South Korea hosted the APEX cyberwarfare exercise, which gathered cybersecurity experts and defense personnel from over 20 nations. This exercise simulated cyberattacks on critical infrastructure, enabling participants to devise defensive strategies and exchange vital insights. South Korea has also actively participated in NATO-led events, such as the Locked Shields exercise, which focuses on testing and enhancing cyber resilience.

In addition, South Korea showcased its commitment to international cybersecurity efforts by attending the Cyber Champions Summit in Sydney. The country is set to host the next iteration of the summit, emphasizing its dedication to fostering global cooperation in addressing cyber threats.

Strategic Alliances and Emerging Trends

South Korea's advanced technological capabilities and strategic location have positioned it as a vital partner for the United States in addressing cyber threats, especially those originating from China. According to analysts, South Korea’s infrastructure serves as a communications hub for critical trans-Pacific submarine cables connecting major networks across Asia, including China. Experts have also suggested that the country may act as a base for US cyber operations, similar to its role in hosting the THAAD missile system in 2017.

China, meanwhile, has been enhancing its cyber capabilities in response to growing alliances among its rivals. In April 2024, China reorganized its People’s Liberation Army to include specialized units dedicated to cyber, information, and space operations. Despite these efforts, experts note that China’s cyber capabilities still lag behind those of the US and its allies.

South Korea’s increasing involvement in cybersecurity underscores its strategic importance in addressing modern cyber challenges. By collaborating with the US, NATO, and other allies, the nation is strengthening its cyber defenses while contributing to a broader security framework in the Indo-Pacific region. These initiatives are poised to shape the global cybersecurity landscape in the coming years.

Read more »
Technology
Artificial Intelligence Cyberattacks CyberCrime Cyberhackers Cyberthreats Robotics South Korea Technology

Robot 'Suicide' in South Korea Raises Questions About AI Workload

 


At the bottom of a two-meter staircase in Gumi City Council, South Korea, a robot that worked for the city council was discovered unresponsive. There are those in the country who label the first robot to be built in the country as a suicide. According to the newspaper, a Daily Mail report claims that the incident occurred on the afternoon of June 20 around 4 pm. When the shattered robot was collected for analysis and sent to the company for examination, city council officials immediately contacted Bear Robotics, a California-based company, that made the robot. 

However, the reason behind the robot's erratic behaviour remains unknown. This robot, nicknamed "Robot Supervisor", was found piled up in a heap at the bottom of a stairwell between the first and second floors of the council building, where it was hidden from view. There were descriptions from witnesses that the robot behaved strangely, "circling in a certain area as if there was something there" before it fell to Earth untimely. It was one of the first robots in the city to be assigned this role in August 2023, with the robot being one of the first to accomplish this task. 

According to Bear Robotics, a startup company based out of California that develops robot waiters, the robot works from 9 am to 6 pm daily. Its civil service card validates its employment status. A difference between other robots and the Gumi City Council robot, which can call an elevator and move independently between different floors, is that the former can access multiple floors at the same time, whereas the latter cannot. 

Following the International Federation of Robotics (IFR), South Korea's industry boasts the highest robot density of any country in the world, with one industrial robot for every ten workers, making it one of the most robotic industries in the world. It has however been announced by the Gumi City Council that as a result of the recent incident, the city will not be adopting a second robot officer at present due to a lack of information. 

During the aftermath of the incident, there has been a debate in South Korea about how much work robots must do to function. Users are seeing a flurry of discussion on social media about what has been reported as a suicidal act by a robot, which has sparked debate about the pressures that humans experience at work. After the incident occurred, a major debate erupted as to how much burden the robot was supposed to handle. 

It has been employed since August 2023, a resident assistant called "Robot Supervisor" has been a very useful employee who can handle a wide range of tasks, from document delivery to assisting residents with their tasks. Following this unexpected event, there have been numerous discussions and focuses regarding the intense workload of this organization and the demands that are placed on it by these demands. South Korea has been taking an aggressive approach to automating society with its ambitious robot - a product developed by Bear Robotics, a California-based startup. 

Despite the large number of robots present in industrial settings in the county, this incident has sparked concern over the possibility that they will expand beyond factories and restaurants to serve a wider range of social functions as well. In the past few years, a growing number of companies have been investing in robots to take on roles beyond that of traditional workplaces, which has sparked public interest in this area. Various media outlets have been speculating about the outcome of the 2018 election, with a wide range of opinions and predictions. In a groundbreaking development, a robot's apparent act of self-destruction in South Korea has triggered profound contemplation and contentious discourse regarding the ethical and operational ramifications of employing robots for tasks traditionally undertaken by humans. 

The incident, believed by some to be a manifestation of excessive workload imposed on the machine, has prompted deliberations on the boundaries and responsibilities associated with integrating advanced technologies into daily life. Following careful consideration, the Gumi City Council has opted to suspend its initiatives aimed at expanding the use of robots. This decision, originating from a municipality renowned for its robust embrace of technological innovation, symbolizes a moment of introspection and critical reevaluation. 

It signifies a pivotal juncture in the ongoing dialogue about the role of automation and the deployment of artificial intelligence (AI) in contemporary societal frameworks. Undoubtedly tragic, the incident has nevertheless catalyzed substantive discussions and pivotal considerations about the future dynamics between robots and humanity. Stakeholders are now compelled to confront the broader implications of technological integration, emphasizing the imperative to navigate these advancements with conscientious regard for ethical, societal, and practical dimensions. The aftermath of this event serves as a poignant reminder of the imperative for vigilance and discernment in harnessing the potential of AI and robotics for the betterment of society.
Read more »
Subscribe to: Comments (Atom)