South Korea has launched a multisector initiative to combat cyberattacks as concerns grow over North Korean-linked hackers exploiting artificial intelligence (AI).
Seoul is implementing strategies outlined in its National Cybersecurity Strategy and National Cybersecurity Basic Plan, both introduced in 2024, to protect its critical infrastructure, financial systems and national defense from escalating digital threats.
“The rise of AI-powered cyberattacks has markedly transformed South Korea’s cybersecurity approach, leading the country to prioritize proactive and comprehensive strategies rather than reactive measures,” Tae Yeon Eom, a research scholar at the Asia Pacific Foundation of Canada, told FORUM. “The growing sophistication and frequency of North Korea-backed cyber operations utilizing artificial intelligence have created a significant shift in threat perception.”
The cybersecurity frameworks were launched after a surge in hacks, which averaged 1.62 million a day in 2023, with about 80% of them orchestrated by Pyongyang, according to South Korea’s National Intelligence Service (NIS). Shipbuilders, drone manufacturers and agricultural institutions were among the targets.
Globally, North Korean hackers are suspected of stealing an estimated $3 billion in cryptocurrencies between 2017 and 2023, in part to finance the regime’s illicit weapons of mass destruction programs, according to the United Nations.
“At the governmental level, AI-driven defense mechanisms form a key part of the new National Cybersecurity Strategy, which emphasizes the ability to rapidly identify, predict and respond to cyber threats,” Eom said.
Seoul’s Cyber Operations Command leverages AI to identify, assess and neutralize threats, he said. Meanwhile, cybersecurity firms, with government support and investment, use AI to enhance anomaly detection, analyze threat intelligence and strengthen real-time response capabilities.
Key initiatives of the National Cybersecurity Basic Plan focus on bolstering critical infrastructure resilience, promoting industry-academia collaboration, and refining legal frameworks to clarify roles for individuals, businesses and government.
The Cyber Operations Command and NIS partner with the private sector to counter cryptocurrency theft, Eom said. Measures include real-time monitoring and forensic tracking of transactions. Meanwhile, South Korean cryptocurrency exchange users must verify their identity.
Eom cited the NIS-led Cyber Partners as an example of public-private collaboration. Under the initiative, defense contractors are partnering with AI startups and technology providers “to develop specialized AI defense systems, such as autonomous threat detection algorithms, unmanned systems and advanced predictive analytics platforms,” he said.
In December 2024, South Korea’s National Assembly passed the AI Basic Act, which aims to balance oversight and innovation. The law promotes self-regulation to ensure AI safety and reliability, while enforcing transparency measures to prevent misuse, such as deepfakes, according to the analysis website Law.Asia.
In early 2025, South Korea’s data protection authority removed the Chinese AI chatbot DeepSeek from official app stores, citing concerns over questionable data collection practices, the United States-based website Bank Info Security reported.
Seoul’s cybersecurity initiatives mirror efforts by Allies and Partners across the region. For example, the Singapore Armed Forces’ Digital and Intelligence Service and the nation’s Cyber Security Agency hosted the third Critical Infrastructure Defence Exercise in late 2024.
In February 2025, South Korea hosted the United Kingdom-led Cyber Marvel exercise, with cybersecurity experts from 26 nations defending against simulated attacks. Seoul also funded a 2024 Interpol operation that resulted in about 5,500 arrests and the seizure of more than $400 million in crypto and other currency, Eom said.
