Seoul (South Korea), October 19, 2025: South Korea’s Ministry of the Interior and Safety has tightened cybersecurity protocols across government networks after detecting possible signs of hacking into the state’s online administrative systems, according to a report by Yonhap News Agency.
The ministry said the alert followed reports from Phrack, a cybersecurity publication, which indicated that in August several South Korean government agencies and major corporations had been targeted by hackers. The North Korean group Kimsuky is suspected of being behind the attempted breaches.
Authorities discovered that in mid-July, an external computer had accessed the government’s Onnara system — an online platform used for managing official documents and internal operations — through the Government Virtual Private Network (G-VPN), as identified by the National Intelligence Service (NIS).
In response, the ministry introduced stricter login authentication procedures for all officials accessing the system remotely. It also reviewed and revoked potentially compromised Government Public Key Infrastructure (GPKI) certificates used by public employees for authentication. Out of 650 certificates believed to have been exposed, three still active ones were cancelled on August 13.
Signs of hacking were reportedly detected not only in the interior and foreign ministries but also in the military, prosecution offices, and major firms such as Kakao Corp., Naver Corp., KT Corp., and LG Uplus Corp.
Officials emphasized that the government continues to monitor the situation closely, reinforcing its cyber defences to protect critical national data and prevent further infiltration attempts.
