Distributed denial-of-service (DDoS) attacks on Korean private-sector companies in the first quarter of this year reached nearly 34.5 percent of last year's annual total, according to data reviewed by The Seoul Economic Daily. The surge reflects the expansion of cyber warfare fronts into Korea, driven by global conflicts such as wars and advancements in artificial intelligence (AI) technology. Analysts warn that if the current trend continues, it is only a matter of time before DDoS attacks evolve to a stage capable of paralyzing national infrastructure.
According to the Korea Internet & Security Agency (KISA) on Monday, private-sector companies and institutions filed 203 DDoS attack reports with the agency in the first quarter of this year. KISA's private-sector DDoS report tallies have been rising annually — 213 cases in 2023, 285 in 2024, and 588 in 2025 — with the pace accelerating this year. A simple extrapolation of the current trend through year-end projects 812 DDoS attack reports this year, 38 percent more than last year. DDoS attacks refer to cyberattacks in which hackers transmit massive volumes of malicious traffic to overload specific networks and systems, disrupting their normal operations.
Korean government ministries and major infrastructure companies have also been targeted, not just private firms. Notably, the pro-Russian hacker group "NoName057(16)" claimed on its Telegram channel last month to have carried out DDoS attacks against more than eight Korean institutional websites, including the Ministry of Foreign Affairs, the Ministry of Trade, Industry and Energy, Korea Land & Housing Corporation (LH), and Korea Hydro & Nuclear Power. The group cited the Korean government's support for Ukraine as the reason, and the Foreign Ministry's website was in fact briefly taken down by a DDoS attack on the afternoon of the 17th of last month before being restored. In response, KISA urged companies last month to prepare, noting that "DDoS attacks by foreign hacking groups targeting domestic government, public and private institutions have been occurring continuously amid the Russia-Ukraine war and Middle East conflicts."
While DDoS attacks themselves are not a new threat, experts say the trend of such attacks becoming a pillar of cyber warfare has grown increasingly pronounced in recent years. Following the Ukraine war and the outbreak of conflict in the Middle East, hacker groups such as NoName057(16), RipperSec, and BD Anonymous have ramped up hacktivism activities representing the political positions of the forces they support. In this process, they have also targeted third countries and institutions friendly to their adversaries, with Korea reportedly included. U.S. security firm Cyble noted in a January report that "this year, hacktivists will showcase their presence by hacking across the energy, transportation, and healthcare sectors," adding that "major infrastructure hacking attacks targeting Taiwan, the Baltic states, and Korea ostensibly demand money but are highly likely to be carried out for geopolitical purposes."
Concerns are also growing that the combination of AI technology with DDoS and hacktivism could give these attacks destructive power sufficient to paralyze national infrastructure. "DDoS attacks that ended with simple website outages are now a thing of the past, and the recent surge in DDoS attacks is a signal that more serious attacks may follow," said Kim Ho-kwang, CEO of Beta Labs. "Using AI, it becomes easier to seize control of government website servers through DDoS attacks, broadcast false government messages, or take over various infrastructure." The March attack on U.S. medical device giant Stryker by the pro-Iranian hacker group "Handala" is cited as a representative example demonstrating the dangers of DDoS. In retaliation for the U.S. attack on Iran, Handala deleted internal data from Stryker's payment system, paralyzing the company's entire supply chain. The Wall Street Journal described it as "the most significant wartime cyberattack in U.S. history."
Experts recommend establishing a response system for DDoS attacks at the national security level. "We are in an era where AI can find security vulnerabilities far faster than humans," Kim stressed. "We need to elevate the risk level of DDoS attacks and build an AI-based multi-layered defense system." Yeom Heung-youl, professor emeritus of information security at Soonchunhyang University, also said, "Network equipment and services for blocking DDoS attacks carry a heavy cost burden, which limits individual institutions from fully adopting them," adding, "Support should be considered from a cybersecurity standpoint."
