The Korea Internet & Security Agency (KISA) warned on Thursday that hacktivist attacks targeting South Korean companies and institutions are increasing as Middle East geopolitical conflict spreads into cyberspace.

Hacktivists are individuals or groups that hack government and corporate information systems to achieve political and social goals.

KISA said there are 3 main threats: DDoS attacks aimed at disrupting services, intrusions into internal systems and data leaks, and ransomware infections for financial theft. Pro-Palestinian hacktivist group RipperSec attempted DDoS attacks against South Korean defence firms and government agencies. Pro-Iran groups including Handala are raising the level of attacks by pairing DDoS assaults with data destruction and leaks.

Automated attempts to access accounts are also a threat. Hackers secure access rights to corporate internal networks and then infiltrate internal systems such as mail servers and file servers that are not exposed externally.

Ransomware groups including Everest and LockBit Black operate dark web leak sites and demand money by threatening to disclose or sell stolen sensitive materials, KISA stressed.

KISA urged companies to strengthen monitoring of key systems, check web vulnerabilities, re-examine the 3-2-1 backup system, build cooperation frameworks with telecom companies for DDoS preparedness, apply multi-factor authentication, strengthen security training and respond to social engineering attacks such as voice phishing and smishing.