Cyberattacks on Korea's military hit five-year high

While the figure jumped to 18,951 last year, up 108 percent from 2022 and 31 percent from 2024, the military's ability to secure and retain cyber specialists has weakened.

Published
North Korean leader Kim Jong-un presides over the first enlarged meeting of the ninth Central Military Commission of the Workers' Party of Korea on July 9, as reported by the state-run Korean Central News Agency.

Cyberattack attempts targeting South Korea’s military reached their highest level in five years last year as the military struggles to retain cyberwarfare specialists, according to government data on Sunday. 

The findings have fueled calls for stronger cyber defense measures, especially since North Korea is expected to expand its cyber operations by strengthening its Reconnaissance General Bureau and South Korea’s Defense Counterintelligence Command has been effectively dismantled.

Cyberattack attempts against the military fell from 11,700 in 2021 to 9,115 in 2022 before climbing to 13,599 in 2023 and 14,419 in 2024, according to data submitted by the Ministry of National Defense to Rep. Yu Yong-weon of the main opposition People Power Party, a member of the National Assembly’s National Defense Committee.

The figure jumped to 18,951 last year, up 108 percent from 2022 and 31 percent from 2024, marking the highest level in the past five years.

By attack type, attempts to compromise websites by obtaining administrator privileges accounted for the overwhelming majority, reaching 18,792 cases last year. 

Phishing emails disguised as messages from trusted senders surged from 16 cases in 2023 to 127 last year, suggesting that the North’s cyberattack methods are becoming more sophisticated and diverse.

“Recent signs indicate that North Korea has begun using AI in its hacking operations, including malware development and attempts to infiltrate organizations through fake job applications, which allude to its cyber capabilities’ increasing sophistication,” the Cyber Operations Command said in materials submitted to Yu’s office. 

A man holds a laptop computer as code is projected on him.

At the same time, however, the South Korean military’s ability to secure and retain cyber specialists has weakened.

Since 2012, the Ministry of National Defense has operated a cyber officer cadet program to recruit cybersecurity specialists.

Students selected from designated university departments receive about 40 million won ($26,700) each in tuition support through a military scholarship program. Upon graduation, they are commissioned as officers and assigned to units such as the Cyber Operations Command and the 777 Command, where they conduct cyber threat analysis, cybersecurity operations and digital forensics.

However, data on the program obtained by Yu’s office shows that 89 of the 104 cyber specialist officers — or about 85 percent of the total — commissioned between 2016 and 2019 chose to leave the military after completing their mandatory seven-year service.

In other words, eight out of every 10 officers trained with government funding left the military as soon as their service obligation ended.

The trend has continued. Last year, only seven of 24 graduates chose to be commissioned. Although those who decline to serve must repay the financial assistance that they were provided, some have opted to do so rather than act as military cyber officers.

The private sector’s growing demand for AI and cybersecurity experts, along with its higher salaries and better working conditions, is widely believed to be driving the trend.

North Korean leader Kim Jong-un presides over the first expanded meeting of the Ninth Central Military Commission of the Workers' Party of Korea on July 9.

The issue comes as North Korean leader Kim Jong-un ordered the expansion of the Reconnaissance General Bureau, Pyongyang’s main intelligence agency responsible for overseas intelligence collection, operations against South Korea and cyber activities.

Kim attended an expanded meeting of the Central Military Commission of the ruling Workers’ Party on Thursday, according to the state-run Rodong Sinmun. During the meeting, officials proposed broadening the bureau’s functions and responsibilities and dramatically enhancing its military reconnaissance and intelligence-gathering capabilities.

The Reconnaissance General Bureau was created by expanding and reorganizing the former Reconnaissance Bureau under the Korean People’s Army General Staff.

South Korean military intelligence authorities estimate that the North currently operates about 8,400 hackers, primarily through the Reconnaissance General Bureau. Analysts expect that force to grow further after Kim emphasized strengthening intelligence and cyberwarfare capabilities.

“At a time when North Korea is rapidly advancing its cyberattack capabilities, we cannot allow a system in which cyber specialists simply leave the military after fulfilling their mandatory service,” Rep. Yu said. “We need a systematic personnel management system that covers the recruitment, training and long-term retention of cyber experts.”


BY SHIM SEOK-YONG [[email protected]]

This article was originally written in Korean and translated by a bilingual reporter with the help of generative AI tools. It was then edited by a native English-speaking editor. All AI-assisted translations are reviewed and refined by our newsroom.