South Korea's National Intelligence Service on Wednesday assessed cyber threats and, after gathering expert views, released key characteristics of cyber threats in 2025 and five major threats expected this year.

The NIS said last year saw an expansion in the collection of advanced technologies and financially motivated hacking by international and state-backed hacking groups, and private-sector damage increased as major hacking incidents with wide impact occurred. Major hacking incidents have mainly occurred since April in core infrastructure sectors directly tied to daily life, including platforms, telecommunications, finance and public administration. They led to mass leaks of personal information and substantial financial losses.

It added that ransomware attacks on companies by international crime groups also surged, raising the level of cyber threats and public anxiety.

As for North Korean hacking groups, it said they expanded the theft of industrial technologies across sectors including defence, IT and health, and stole money worth a record 2.2 trillion won through hacks including attacks on overseas digital asset exchanges. In the process, hackers also used new tactics such as intensively exploiting IT product vulnerabilities to raise success rates, QR code-based phishing and the "lost phone reset" function.

The NIS also shared five major threats expected this year, taking into account last year's cyber threat characteristics, the entry into an era of complex security competition and the materialisation of AI-based threats.

It cited a deepening, across-the-board "cyber scramble" to secure geopolitical advantage; the spread of "indiscriminate cyber attacks" aimed at economic and industrial gains; maximising ripple effects through "multi-purpose cyber offensives" targeting key infrastructure; a shift in the cyber security paradigm due to "AI that hacks"; and the expansion of "hacking syndicate" forces in a symbiotic relationship among states, companies and criminal organisations.

Kim Chang-seop, third deputy director of the NIS, said a series of hacking incidents last year were directly threatening national security and people's lives beyond problems limited to specific sectors or companies. He said the agency would do everything it can to minimise damage to the public and businesses by actively cooperating in a joint government-wide response and deploying NIS capabilities at the right place and time.