Korea and Asia-Pacific Region, Cyber Attack Vulnerabilities Twice Global Rate

Published: 2025-05-27 14:13:55 | Updated: 2025-05-27 14:13:55
Telecom companies also major hacking targets... National-level response needed
Sim Young-seop, head of Google Cloud Mandiant Consulting for Korea and Japan, is giving a presentation at a media briefing held at Seoul Square in Jung-gu, Seoul on the 27th. Yonhap News
[Seoul=Newsis] Google Cloud Mandiant Consulting Team released the annual report on cybersecurity incident leadership 'Mandiant M-Trends 2025' on the 27th. The photo shows the initial infection routes globally last year. 2025.05.27. (Photo provided by Google Cloud) /Photo=Newsis

[Financial News] The industry most targeted by cyber attacks last year was financial services, and more than half of the organizations were unaware of the incidents internally until notified by external agencies. Recently, telecommunications and other critical networks have also become major cyber attack targets, with many cases related to state espionage rather than personal information theft.
■"System Vulnerability Attacks in Asia-Pacific Twice Global Rate"
According to 'Mandiant M-Trends 2025', released by Google Cloud Mandiant on the 27th, the vulnerabilities most frequently exploited in cyber incidents last year were in security devices located at the network edge. Many of these major vulnerabilities were exploited as zero-days, meaning they had not yet been patched at the time of the initial attack. Mandiant's analysis found a noticeable increase in attacks on edge devices by cyber espionage organizations suspected of links to the Russian and Chinese governments.
The M-Trends report, now in its 16th year, is an annual report published by the dedicated Mandiant Consulting team, providing in-depth analysis of global cyber threat trends over the year.
Sim Young-seop, head of Google Cloud Mandiant Consulting for Korea and Japan, said at the media briefing held at Seoul Square in Jung-gu, Seoul, that “the rate of vulnerability exploitation as an initial infection route is twice the global average, and about 70% of incidents are detected by external agencies, indicating the need for continuous improvement in organizational security visibility and response capabilities.” He added, “Especially, attacks on edge devices using zero-day vulnerabilities make rapid detection and response difficult, highlighting the urgency of establishing proactive defense strategies against unknown threats. As threat actors continuously adapt and evolve against existing security systems, so must our defense systems.”
According to the report, the most targeted industry in 2024 was financial services, accounting for 17.4% of the total surveyed. Business and professional services (11.1%), high-tech (10.6%), government (9.5%), and healthcare (9.3%) followed. More than half of the cyber threat groups (55%) were financially motivated, an increase from the previous two years. Meanwhile, the proportion of threat groups motivated by espionage (8%) decreased slightly compared to the previous year.
In particular, the rate of vulnerability attacks as an initial infection route in Korea and the Asia-Pacific region was found to be about twice the global rate.
For the fifth consecutive year, the most common initial infection route for cyber attacks was vulnerability exploitation (33%). Credential theft (16%) rose to second place for the first time in this survey, indicating a growing trend in this type of attack. This was followed by email phishing (14%), website compromise (9%), and previous breaches (8%). However, in the JAPAC region, including Korea, the rate of vulnerability attacks was about 64%, double the global figure. Credential theft (14%) and website compromise (7%) were also noted.
57% of organizations first became aware of malicious activity through external parties: 43% were notified by law enforcement or cybersecurity firms, and 14% learned of it from the attackers' ransom notes. In ransomware attacks in particular, 49% of cases involved the attackers themselves notifying the victim of the breach. The proportion of external notifications in Korea, Japan, and Asia-Pacific was higher than the global average: 69% were notified by external agencies, with 12% being informed by attackers.
North Korea's cyber threat also continued. North Korea is dispatching its citizens as remote IT contract workers to earn foreign currency and secure regime funds. North Korean IT personnel use stolen or fabricated identities, fake career histories, and forged documents to gain employment at US and European tech companies under false pretenses, and use VPNs and local collaborators to conceal their actual locations.
■"Telecom Companies Also Major Hacking Targets... For Espionage Purposes"
Attacks on telecom companies, which have recently become major cyber attack targets, were analyzed as expanding into strategic eavesdropping and state espionage rather than personal information theft.
Sim Young-seop reported that telecom companies are becoming major hacking targets globally, with attackers installing backdoors and conducting reconnaissance activities by eavesdropping on specific individuals' calls and emails over a long period.
For example, in last year's hacking incidents at US telecom companies such as AT&T and Verizon, suspected to be linked to China, the US government estimated that the attackers might have accessed government eavesdropping system information. Mandiant's investigations into various telecom cyber attack incidents also found evidence of prolonged surveillance for the purpose of intercepting communications.
Sim emphasized, "In general, hacking telecom companies should be viewed with a primary focus on state espionage activities rather than personal information. In such cases, national-level response support is needed rather than at the individual company level."

yjjoe@fnnews.com Yoonju Cho