Cyber Incident Victim: South Korea
Date: Aug 2022
Location: South Korea
Summary
A series of cyberattacks targeted South Korean government and cultural YouTube channels, compromising three accounts including the official government channel, a tourism organization, and a national art museum. The hackers altered channel names to promote SpaceX content, livestreamed unauthorized material, and temporarily deleted popular videos before restoration efforts succeeded. Investigations by Google and local cyber police are ongoing to determine the breach's origin, while affected agencies consider implementing backup channels to enhance future security.
Description
Between August 29 and September 3, 2022, three South Korean government-affiliated YouTube channels suffered unauthorized access and content manipulation. The first confirmed breach occurred on August 29 against the YouTube channel of the National Museum of Modern and Contemporary Art, Korea, which was compromised and restored the same day. Subsequent attacks targeted the Korea Tourism Organization's "Imagine Your Korea" channel on September 1 and 2, where hackers temporarily erased segments of the popular "Feel the Rhythm of Korea" video series before full restoration on September 3. The most disruptive incident occurred on September 3 when attackers compromised the main South Korean government YouTube channel (260,000 subscribers), rebranding it as "SpaceX Invest" and livestreaming an Elon Musk interview clip to over 50,000 concurrent viewers before restoration at 7:20 a.m. that day.

The incidents triggered immediate operational responses across affected agencies. The Ministry of Culture, Sports and Tourism convened an emergency meeting on September 3 after the government channel breach was detected through a staff member's discovery of a blog post. Google Korea confirmed all compromises and collaborated with Seoul cyber police on investigations to determine attack vectors. While all channels resumed normal operations within 24 hours of each breach, the KTO reported temporary content loss requiring recovery efforts. The attacks revealed vulnerabilities in government-managed social media accounts, prompting the KTO to evaluate creating backup subchannels. No permanent data loss or financial impacts were reported, though the high viewership during the government channel's compromise amplified public visibility of the security failures.
