Seoul, South Korea ― South Korea has expressed support for the United Kingdom’s public attribution of a cyber espionage campaign to Russian military intelligence, joining a growing chorus of international condemnation against malicious Russian cyber activities.
On July 18, the British government announced it had formally attributed the use of a sophisticated malware—dubbed “Authentic Antics”—to APT 28, a cyber threat group operated by the Russian General Staff Main Intelligence Directorate (GRU). According to the U.K.’s National Cyber Security Centre (NCSC), the malware was designed to steal login credentials and maintain long-term access to victims’ Microsoft cloud email accounts.
The attribution came shortly after the British government had imposed sanctions on three GRU units and 18 Russian individuals for their involvement in what it described as malicious hybrid operations targeting global security.
In a statement exclusively confirmed by The Readable, South Korea’s Ministry of Foreign Affairs acknowledged the U.K.’s announcement and reaffirmed its commitment to defending a secure cyberspace. “The Government of the Republic of Korea takes note of the recent statement issued by the Government of the United Kingdom,” it said. “In line with the Korea-U.K. Strategic Cyber Partnership signed in November 2023, we will continue to strengthen our cyber cooperation with the United Kingdom across all domains, including cyber deterrence.”
The Korea-U.K. Strategic Cyber Partnership outlines bilateral collaboration in enhancing cyber resilience, promoting shared international interests and detecting and disrupting cyber threats.
- Related stories: [Perspective] Cyber partnership between UK and Korea is a game changer in intelligence war
- Related stories: Combined cyber army of ROK and UK performed first exercise following strategic partnership
- Related stories: UK builds army of the future through ‘Defence Cyber Marvel’
The U.K.’s attribution comes amid coordinated statements of solidarity from the North Atlantic Treaty Organization (NATO) and the European Union (EU). NATO’s North Atlantic Council condemned Russia’s cyber activities as part of a broader hybrid campaign to destabilize member states and undermine Ukraine. The Council expressed concern over repeated GRU-linked cyber incidents affecting multiple allied nations, including Germany, France and Romania.
Echoing NATO, the EU’s top foreign policy official, High Representative Kaja Kallas, characterized Russia’s actions as part of a systematic and escalating pattern of hybrid interference. The EU confirmed its own sanctions against the same GRU units, emphasizing the need for a “coherent and sustained response” to safeguard the bloc’s security and democratic foundations.
British Foreign Secretary David Lammy said the sanctions demonstrate the U.K.’s resolve to counter what he called the Kremlin’s “campaign to destabilize Europe, undermine Ukraine’s sovereignty and threaten the safety of British citizens.” He vowed that “Putin’s hybrid threats and aggression will never break our resolve.”
While South Korea is not a NATO or EU member, its early and public alignment with the U.K. highlights growing international momentum behind cyber deterrence efforts and global norms for responsible behavior in cyberspace.
In an email statement to The Readable, a spokesperson for the British Embassy in Seoul welcomed South Korea’s statement, describing it as “significant and important” in the context of rising hybrid threats.
“South Korea’s restated commitment to the promotion of an open, free and secure cyberspace, following the U.K.’s attribution of malicious cyber activities to Russia’s GRU, is significant and important,” the spokesperson said. “The U.K.’s exposure of Russia’s malicious activity illustrates the broad and reckless nature of the threat faced by the U.K. and our allies and partners. Russia’s irresponsible, destructive and destabilizing hybrid activity is unacceptable, and the U.K. and its allies and partners will not stand by and allow this egregious behavior to pass unchallenged.”
The spokesperson added that the U.K. looks forward to building on the Korea-U.K. Strategic Cyber Partnership, especially in advancing cyber deterrence and strengthening cooperation in all areas of cybersecurity.
This shared commitment to cooperation reflects a broader international trend toward transparency and accountability in cyberspace.
Publicly naming the perpetrators behind cyberattacks—known as attribution—has emerged as a key strategic tool for governments facing growing digital threats. By exposing malicious actors, states can disrupt hostile operations, impose reputational costs and build international and domestic support.
A notable example is France’s recent shift in policy. In May, President Emmanuel Macron publicly attributed multiple hostile acts to Russia’s military intelligence, ending years of strategic silence. The move signaled a clear intent to confront threats with greater transparency, while aligning more closely with international partners in deterring future aggression.
Editor’s note: This article replaces this week’s Weekend Briefing.