Seoul Metro

The organisation operates the Seoul Subway System, also known as Seoul Metro.
It provides urban rail transit services for passengers in Seoul, South Korea.
Its core functions include managing train operations, maintaining station facilities, and overseeing related infrastructure.
The organisation is responsible for the day‑to‑day scheduling and running of the subway lines that form the Seoul metropolitan network.
It ensures the maintenance of rolling stock and track systems to support safe and reliable service.
As the operator of the Seoul subway, it is a key component of the city’s public transportation framework.

On 1 July 2015 the organisation suffered a cyberattack that compromised two servers managing its internal computers.
The breach enabled unauthorized access to 213 systems and led to malicious code infecting 58 devices.
Twelve internal documents concerning human resources and operational management were exfiltrated during the incident.
The Korea Herald reported the attack, noting that the National Intelligence Service attributed it to an Advanced Persistent Threat group.
The NIS observed similarities to a prior operation suspected of North Korean origin, although insufficient log data prevented definitive attribution.
The operator confirmed that subway safety systems remained unaffected because they were isolated from the compromised network.
Following the incident the organisation reported a significant increase in annual cyberattack attempts, approaching previous yearly totals within a few months.
Remediation involved mass PC formatting of the affected machines and the implementation of enhanced security protocols.