Combating Chinese Cyber Threats in South Korea

In light of the escalating cyber threats from China, it is imperative to focus on collaborative defense initiatives that can enhance South Korea's cybersecurity resilience and create a more secure digital landscape.


This overview of Chinese malicious cyber activity directed at South Korea was generated through a series of ChatGPT prompts. My edits are minimal. I added the links you'll find throughout the piece, the images, and made very minor edits to improve the flow or remove unnecessary detail.


Chinese cyber attacks targeting South Korea have raised significant concerns for the South Korean government and neighboring countries in the region. The primary objective of these attacks is believed to be the acquisition of sensitive military and industrial information, as well as intelligence about North Korea, an important Chinese ally.

One of the most high-profile Chinese cyber attacks against South Korea was the attack on the Lotte Group in 2017. Lotte was the company that provided the land for the deployment of the THAAD missile defense system, which China saw as a threat to its own national security. The cyber attack was designed to cripple Lotte's computer networks and steal sensitive information about the company's operations. The attack was widely believed to have been carried out by Chinese hackers, although the Chinese government denied any involvement.

China has also been accused of carrying out other cyber attacks against South Korea, including the "Dark Seoul" attack in 2013, which targeted several South Korean banks and media outlets. This attack was initially attributed to North Korea, but some experts believe that Chinese hackers may have been involved as well.

In addition to these specific attacks, there have been ongoing concerns about Chinese cyber espionage activities in South Korea. Chinese hackers are believed to be interested in gaining access to sensitive military and industrial information, as well as information about North Korea's nuclear program. In 2017, South Korean officials reported that Chinese hackers had attempted to hack into the computer networks of the defense ministry and several major defense companies.

The South Korean government has taken a number of steps to try to counter Chinese cyber attacks. These steps have included increasing cybersecurity measures for government agencies and critical infrastructure, as well as working with other countries in the region to share information about cyber threats. However, the threat of Chinese cyber attacks remains a significant concern for South Korea and the broader region, and it is likely that both the government and private sector will need to continue to invest in cybersecurity measures to protect against these attacks.

The Lotte Attack

In 2017, Chinese hackers targeted the Lotte Group, a South Korean conglomerate that owns retail stores, hotels, and other businesses in Korea and China. The cyber attack was reportedly carried out as retaliation against the deployment of the Terminal High Altitude Area Defense (THAAD) missile defense system in South Korea. The system was deployed to protect against potential missile attacks from North Korea, but China saw it as a threat to its own national security.

The cyber attack on Lotte Group was sophisticated and highly effective, with the hackers using advanced malware and spear-phishing techniques to penetrate the company's computer networks. The attack resulted in significant damage to Lotte's computer systems, causing disruptions to the company's operations and the theft of sensitive information. Lotte reported that the attack caused around $50 million in damages.

The Chinese government denied any involvement in the attack, but many experts believe that the attack was carried out by Chinese state-sponsored hackers. The attack was seen as part of a broader pattern of Chinese cyber espionage against South Korea, which has included attempts to steal military and industrial secrets, as well as information about North Korea's nuclear program.

The attack on Lotte Group had significant implications for South Korea's relations with China, as well as for the country's economy. Following the attack, the Chinese government launched a boycott of Lotte products in China, causing significant losses for the company. The incident also highlighted the growing tensions between South Korea and China, and raised concerns about the potential for further cyber attacks and economic retaliation.

Dark Seoul

The "Dark Seoul" cyber attack that occurred in 2013 was another significant example of Chinese cyber attacks against South Korea. The attack targeted several major South Korean banks and media outlets, causing widespread disruptions and raising concerns about the country's cybersecurity defenses.

The attack was initially attributed to North Korea, as it came shortly after North Korea had carried out a nuclear test and was seen as a possible response to increased sanctions against the country. However, some experts believe that Chinese hackers may have been involved in the attack as well, given the sophisticated nature of the attack and the targets that were selected.

The "Dark Seoul" attack was carried out using malware known as "Shamoon," which was designed to erase data from targeted computers. The malware was spread through spear-phishing emails that appeared to come from legitimate sources, tricking recipients into clicking on infected links or downloading malicious attachments.

The attack caused significant disruptions to the operations of the affected banks and media outlets, with some systems being down for days or even weeks. The attack also raised concerns about the potential for cyber attacks to cause widespread disruptions and even harm to critical infrastructure.

The South Korean government responded to the attack by increasing its cybersecurity defenses and establishing a new agency to coordinate its efforts to counter cyber threats. However, the incident further highlighted the growing threat of cyber attacks and the need for greater international cooperation to combat this threat.

2017 Cyber Espionage Attempts

In 2017, South Korean officials reported that Chinese hackers had attempted to hack into the computer networks of the defense ministry and several major defense companies. This cyber attack was seen as part of a broader pattern of Chinese cyber espionage against South Korea, with China seeking to gain access to sensitive military and industrial information.

The attack was carried out using sophisticated malware and spear-phishing techniques, with the hackers attempting to breach the computer systems of the defense ministry and several major defense companies. The South Korean government was able to detect and block the attack before any significant damage could be done, but the incident raised concerns about the vulnerability of South Korea's critical infrastructure to cyber attacks.

The attack on the defense ministry and defense companies was seen as part of China's broader strategy to gain access to sensitive military information. The Chinese government is known to be interested in acquiring information about South Korea's defense capabilities, as well as information about North Korea's military and nuclear program.

The attack also highlighted the growing tensions between South Korea and China, with South Korean officials expressing concern about China's cyber espionage activities and its attempts to exert influence over South Korea. The incident raised concerns about the potential for future cyber attacks and the need for increased cybersecurity measures to protect against these attacks.

In response to the attack, the South Korean government again increased its cybersecurity measures and announced plans to establish a new military cyber command to counter cyber threats. The incident also highlighted the need for greater international cooperation to combat cyber threats, with South Korea working with other countries in the region to share information and coordinate their efforts to counter cyber espionage.

Recent Chinese Attacks

Chinese cyber attacks against South Korea have continued in recent years, with a particular focus on stealing military and industrial secrets. In 2020, South Korean officials reported that Chinese hackers had attempted to infiltrate the computer networks of several major companies involved in developing a COVID-19 vaccine. The attack was believed to be an attempt to steal information about the vaccine's development and production.

In addition to this, South Korean officials also reported a rise in Chinese cyber attacks targeting government agencies, military contractors, and other organizations in the defense sector. These attacks were seen as part of China's broader efforts to gain access to sensitive military information and to exert influence over South Korea.

Countering the Threat

The South Korean government has established several agencies and departments to lead the country's defense against cyber attacks. These agencies are responsible for developing and implementing cybersecurity policies and strategies, coordinating efforts to combat cyber threats, and providing assistance to organizations and individuals affected by cyber attacks.

One of the key agencies responsible for cybersecurity in South Korea is the National Intelligence Service (NIS), which is the country's main intelligence agency. The NIS is responsible for collecting and analyzing intelligence related to cyber threats, and for carrying out operations to counter these threats. The agency works closely with other government agencies, such as the Ministry of Defense and the Ministry of Science and ICT, to coordinate efforts to combat cyber espionage.

Another important agency is the Cyber Command of the Republic of Korea Armed Forces, which is responsible for protecting military networks and critical infrastructure from cyber attacks. The Cyber Command is part of the South Korean military, and is responsible for developing and implementing cybersecurity policies for the military.

The South Korean government has also established the Korea Internet & Security Agency (KISA), which is a government agency responsible for promoting cybersecurity and protecting South Korea's information and communication networks. KISA provides cybersecurity training and education, conducts research and development in the field of cybersecurity, and assists organizations and individuals affected by cyber attacks.

In addition to these agencies, the South Korean government has also established the Ministry of Science and ICT, which is responsible for developing and implementing policies related to information and communication technologies. The ministry works closely with other government agencies to coordinate efforts to combat cyber threats and to promote cybersecurity.

Collaborative Defense Initiatives

South Korea has been actively collaborating with other countries and international organizations to combat cyber threats and enhance its cyber defense capabilities. The country has sought to build partnerships with other countries to share information, coordinate efforts, and develop strategies to address common cybersecurity challenges.

One such initiative is the ASEAN-Korea Cyber Security Cooperation Project, which aims to promote regional cooperation and build capacity to address cyber threats in Southeast Asia. The project involves cooperation on various fronts, including the exchange of information and best practices, joint training and capacity building, and the development of joint research projects. As part of this initiative, KISA recently announced the launch of ASEAN Cyber Shield which seeks to boost technical education, research, and planning in the region.

The complicated relationship between Japan and South Korea has affected their ability to collaborate on cybersecurity, but recent initiatives demonstrate a growing recognition of the importance of finding common ground and focusing on shared cyber threats. Ongoing territorial and historical disputes have created challenges in cooperation, highlighting the need for both countries to mend their ties and continue building positive relationships in the cybersecurity arena.

South Korea has also established partnerships with international organizations, such as the International Telecommunication Union (ITU), to enhance its cybersecurity capabilities. In 2018, South Korea and the ITU launched a joint initiative aimed at building capacity for developing countries to address cybersecurity challenges.

In addition to these initiatives, South Korea has also participated in international forums and initiatives aimed at promoting cybersecurity cooperation. For example, South Korea is a member of the Organization for Economic Cooperation and Development (OECD) Working Party on Security and Privacy in the Digital Economy, which promotes international cooperation on cybersecurity and digital privacy.

Cybersecurity collaboration between South Korea and NATO has been increasing in recent years, with South Korea’s National Intelligence Service joining the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE).

The United States and South Korea have made noteworthy progress in strengthening their cybersecurity collaboration and advancing their respective cyber policies. They have cooperated on various initiatives to improve their capabilities to defend against cyber attacks. Nevertheless, the two countries still encounter difficulties in deterring the Chinese regime's preeminent global cyber threat. As Chinese cyber attacks against South Korea continue to increase, the United States and South Korea must continue to join forces to devise coordinated strategies and reinforce their cyber defenses against such threats.

South Korea has demonstrated its commitment to tackling global cybersecurity challenges and building a safer cyber environment for its citizens and businesses through its international collaboration efforts on cyber defense. While these partnerships and initiatives have helped to enhance South Korea's cybersecurity capabilities, there is still more to be done given the persistent cyber threats posed by China and North Korea.

To further improve its cyber defenses, South Korea needs to continue to engage in partnerships and initiatives that promote regional and international cooperation on cybersecurity issues. By collaborating more closely with other countries and organizations, South Korea can develop coordinated strategies to combat cyber attacks and effectively address the evolving cyber threat landscape. Such efforts will be crucial in ensuring the safety and security of South Korea's citizens and businesses in the face of growing cyber threats.


Blogs of War generated this text in part with GPT-3, OpenAI’s large-scale language-generation model. Upon generating draft language, the author reviewed, edited, and revised the language to their own liking and takes ultimate responsibility for the content of this publication.