Cyber Incident Victim: National Museum of Modern and Contemporary Art

Between August 29 and September 3, 2022, multiple South Korean government-affiliated YouTube channels experienced unauthorized access and content manipulation. The National Museum of Modern and Contemporary Art, Korea (MMCA) became the first confirmed victim when its YouTube channel was compromised on August 29. The museum successfully restored control of the channel the same day, though specific details regarding the attacker's actions during the breach were not publicly disclosed. This incident preceded a broader pattern of attacks targeting official channels, with the Korea Tourism Organization's "Imagine Your Korea" YouTube channel hacked on September 1 and again on September 2. During these intrusions, attackers temporarily removed segments of the popular "Feel the Rhythm of Korea" video series from the KTO channel, though all content was fully recovered by September 3.

The most disruptive breach occurred on September 3 against the main South Korean government YouTube channel, which had approximately 260,000 subscribers. Attackers renamed the channel "SpaceX Invest" and livestreamed an interview clip featuring Elon Musk, attracting over 50,000 concurrent viewers before detection. Ministry of Culture, Sports and Tourism personnel identified the compromise at 6:00 AM through a blog post containing a screenshot of the unauthorized livestream. Restoration efforts concluded by 7:20 AM that morning. All affected organizations confirmed their channels were managed internally rather than through third-party contractors. Google Korea acknowledged the breaches and collaborated with Seoul cyber police to investigate the incidents' origins. The Culture Ministry convened emergency meetings to develop preventive measures, while the KTO explored establishing backup subchannels to enhance resilience against future attacks. No permanent data loss or financial impacts were reported across the incidents.