Inside South Korea’s perception towards North Korean cyber threats

Overcoming its war-torn history, South Korea has transformed into one of the most tech-savvy countries in the world. With an internet penetration rate hovering around 97% in 2024, it’s common to see people engrossed in their mobile devices, communicating with the online sphere.

Despite this high-tech environment, public awareness of cybersecurity has been slow to improve compared to the rapid development of technology in the country. A 2024 survey by NordVPN, which posed cybersecurity-related questions to over 25,000 respondents from 181 countries, revealed that South Koreans had the lowest accuracy rates in their answers. For instance, when asked about considerations for using artificial intelligence at work, only three per cent provided correct responses, and merely 8 per cent knew how to protect their home Wi-Fi networks.

I believe this lack of knowledge does not stem from South Korea being more adept at protecting privacy or experiencing fewer cyber invasions. Account hacks, banking fraud, and other cybercrimes are prevalent. Phishing scams via text messages and calls have become especially problematic, with losses increasing from 58.7 billion won (approximately US$44 million) in 2020 to 126.5 billion won in 2021 — nearly doubling within a year.

South Koreans’ limited understanding of cybersecurity often arises from a mindset of “it won’t happen to me.” Although they hear about others being scammed out of thousands of pounds, the sheer size of the population — over 50 million — leads many to believe that the likelihood of such incidents is low.

A few individuals who manage to detect a cyberattack before suffering any damage or who successfully protect themselves share their experiences on social media, offering tips to a wider audience. Cybersecurity training is provided or even mandated for students and employees annually through online platforms. Still, many attendees focus more on obtaining certification than on the content of the training itself.

South Koreans’ perception towards North Korean cyberattacks

Besides cybercriminals with malicious intent, South Koreans have one more concern regarding their cybersecurity — North Korea.

Although the two Koreas have been in a state of armistice since 1953, the North continues to pose numerous threats to the South, according to reports. During significant events, such as the general election, major media outlets cover predictions or instances of government bodies targeted by North Korean hackers.

There also seems to be a shared perception among the public that North Korea cannot inflict significant damage on the country. A friend of mine, who describes herself as someone who cannot “live without the internet”, admits to feeling a little scared when hearing news reports about North Korean cyberattacks. Still, she assumes that any potential losses may be “minimal”.

This understanding may stem from decades of irritation caused by North Korea. With such incidents happening repeatedly, many people no longer take the threats as seriously as they did during wartime. My mother, who was born 12 years after the ceasefire, believes that the North’s threats are intended to “scaremonger” the public, reminding them that they are still technically at war. “It’s all words but no action, though”, she adds.

As someone born and raised in South Korea, I share a common understanding regarding cyberattacks from the North. I have heard that the country is home to several notorious hacker groups that have managed to secure funds through illicit means in Europe, but little beyond that.

‘Kimsuky’ raises alarm among South Korean intelligence

To better understand the issue, I reached out to around ten university professors specialising in cybersecurity in South Korea, particularly those interested in North Korean criminal activities. Surprisingly, I received quite unusual responses from these academics. Some inquired in detail about how I obtained their contact information, expressing uncertainty about my intentions. Others simply declined my request for comments, stating that they were unavailable to provide a response.

Receiving rejections from ten different academics is quite uncommon, so I began to conduct further research into the situation. Allegedly, North Korea’s infamous hacker group, “Kimsuky,” has been sending emails to policy information academics, reporters specialising in North Korean topics, and government officials while impersonating individuals from authoritative organisations.

While their methods appear to vary, one tactic involves impersonating a journalist based outside South Korea and requesting insights on North Korean issues. Once the recipient responds positively, the attackers send an encrypted document that downloads malicious software onto the recipient’s device, capable of stealing sensitive information and personal data.

This type of hacking attempt has been ongoing for years, but their techniques have gradually improved. Until a few years ago, they often made grammatical errors or typos and used email addresses from lesser-known servers.

However, a recent instance demonstrates that North Korean hackers can now access authoritative servers, including universities and mainstream media outlets. A North Korean expert reported receiving an email from a genuine Political Science professor at Yonsei University in Seoul. Additionally, a Wall Street Journal journalist based in South Korea shared a post on LinkedIn, noting that individuals had received interview requests from senders using Proton-backed, Yahoo, or Hotmail addresses who were impersonating her.

As tensions between the two Koreas have increased recently, North Korean attacks may occur more frequently, according to a cybersecurity expert who served in the South Korean military for several years. “Those who have experienced such attempts in their email inboxes should be the most aware of the risk,” the expert, who wished to remain anonymous due to the matter’s sensitivity, told 4i MAG.

Getting ahead of the game: how to protect your privacy from North Koreans

Malicious code spread through emails from North Korea is often delivered via attached files. Many reports covering recent incidents warn readers against downloading files from emails unless they can fully trust the sender. The National Security Agency (NSA) of the United States recommends that users install security software programmes and keep them up to date, as well as remain vigilant about how hackers target their victims.

It’s also important to note that the technologies used by North Korean hackers are becoming increasingly sophisticated, particularly with the introduction of advanced tools like generative AI. Security company Securonix reported a steady increase in North Korean hacking attempts employing generative AI techniques, such as deepfake technology, in the past few years. Some identified cases involve North Korean hackers applying for positions in information technology companies using false identities, often masking their faces with AI-generated images.

The Federal Bureau of Investigation (FBI) also provides a list of red flags to help detect hackers attempting to conceal their identities to infiltrate organisations. Some intelligence agencies recommend implementing automated identity verification systems to more easily identify false information. Regularly re-verifying the identity of individuals with whom one interacts is also advisable. Some experts advocate for establishing a holistic cyber governance system that promotes cross-department collaboration and assistance in combating cyberattacks from North Korea.

Ultimately, the fundamental solution lies in raising awareness about the seriousness of the issue and maintaining a commitment to safeguarding personal privacy and information from hackers. In a country like South Korea, where a significant portion of the public seems largely uninterested in the problem, another series of cyberattacks could regrettably loom on the horizon.

Sunny Um is a Seoul-based journalist working with 4i Magazine. She writes and talks about policies, business updates, and social issues around the Korean tech industry. She is best known for in-depth explanations of local issues for readers who need a better understanding of the Korean context. Sunny’s works appeared in prominent Korean news outlets, such as the Korea Times and Wired Korea. She currently makes regular writing contributions to newsrooms worldwide, such as Maritime Fairtrade, a non-profit media organization based in Singapore. She also works as a content strategist at 1021 Creative. A person who holds a Master’s degree in Political Economy from King’s College London, she loves to follow up on news of Korean politics and economy when she’s not writing.