The National Intelligence Service said on the 8th that an analysis of cyber threats throughout 2025 found that North Korean hacking groups attacked overseas virtual asset exchanges and other targets and stole about 2.2 trillion won.
The National Intelligence Service (NIS) assessed that last year saw a sharp expansion in financially motivated attacks and advanced technology theft by international and state-backed hacking groups, leading to a string of major hacking incidents targeting key infrastructure directly tied to the public's daily lives, including platforms, telecommunications, finance and administration. It said massive personal data leaks and substantial financial damage occurred in the process, significantly increasing harm in the private sector.
In particular, North Korean hacking groups were found to have intensified hacking aimed at strategic industry technologies in the defense, IT and health sectors, while focusing attacks on overseas virtual asset exchanges to steal funds on an unprecedented scale. To boost the success rate of their attacks, the hackers heavily exploited vulnerabilities in IT products and even deployed new tactics such as "quishing" using QR codes and methods targeting lost phone reset functions.
Based on these threat trends, the National Intelligence Service (NIS) projected that the cyber security environment will further deteriorate in 2026. It expects all-out cyber contests to intensify as actors seek geopolitical advantage, with increases in indiscriminate hacking and ransomware attacks aimed at economic and industrial gains. It also warned of the possibility of multipurpose cyber offensives that infiltrate key infrastructure—such as telecommunications, finance and defense—in advance and trigger paralysis and chaos in contingencies.
It also assessed that the so-called "hacking AI," in which artificial intelligence (AI) is used throughout the entire hacking process, is becoming a reality, creating new threats that are difficult to control and predict and that will significantly affect national security and the survival of corporations. It projected that the spread of hacking syndicates entangling states, companies and criminal groups will make it even harder to identify the perpetrators of attacks.
Kim Chang-seop, the third deputy director of the National Intelligence Service (NIS), said, "Recent hacking incidents are not problems of specific agencies or corporations but issues that directly threaten national security and people's lives," adding, "We will actively cooperate with a pan-government response and focus the NIS's capabilities on minimizing damage to the public and corporations."