For more than three years, unidentified hackers stole government employees’ digital certificates to access South Korea’s Onnara network, authorities confirmed only recently. Onnara, used by officials in central ministries and local governments, suffered its first reported breach. Officials have not ruled out leaks of confidential policy documents or approval records. The incident follows last month’s fire at the National Information Resources Service, which paralyzed the administrative network and exposed major vulnerabilities.
The Ministry of the Interior and Safety and the National Intelligence Service said that from September 2022 to July 2025, hackers stole more than 650 government-issued digital certificates, known as GPKI, and the passwords of 12 officials. Investigators believe the hackers installed malware on employees’ personal computers used outside government offices. Using the stolen credentials, they accessed the remote work system as if they were legitimate officials. Authorities have not yet determined which hackers viewed what information, the secrecy level of the data, or whether any documents were taken.
The breach itself is alarming, but the fact that it went undetected for nearly three years is even more troubling. Multiple failed login attempts using stolen credentials were recorded, yet the monitoring system meant to flag unusual activity did not work properly. In August, a U.S. cybersecurity outlet reported signs of hacking at South Korea’s central ministries, including the Ministry of the Interior and Safety and the Ministry of Foreign Affairs. The government remained silent for two months before confirming the breach.
Officials now say they will strengthen cybersecurity. The plan calls for replacing the current authentication system with one using biometric data, including facial recognition and fingerprints, along with mobile identification. However, the incident shows that even the most advanced systems cannot protect networks if a few officials mishandle sensitive information.
The immediate priority is a comprehensive audit of the government network to determine the full extent of the damage. Some experts say citizens’ personal information stored in the system may have been compromised. Authorities also plan to identify negligent employees and expand the use of private-sector white-hat hackers to monitor vulnerabilities. Relying only on internal cybersecurity capabilities could leave the system at greater risk in the future.