Cybersecurity News that Matters

Cybersecurity News that Matters

Exclusive: South Korea voices support for UK’s exposure of Russian cyber espionage campaign

Illustration by Daeun Lee, The Readable

by Dain Oh

Jul. 24, 2025
5:48 PM GMT+9

Seoul, South Korea ― South Korea has expressed support for the United Kingdom’s public attribution of a cyber espionage campaign to Russian military intelligence, joining a growing chorus of international condemnation against malicious Russian cyber activities.

On July 18, the British government announced it had formally attributed the use of a sophisticated malware—dubbed “Authentic Antics”—to APT 28, a cyber threat group operated by the Russian General Staff Main Intelligence Directorate (GRU). According to the U.K.’s National Cyber Security Centre (NCSC), the malware was designed to steal login credentials and maintain long-term access to victims’ Microsoft cloud email accounts.

The attribution came shortly after the British government had imposed sanctions on three GRU units and 18 Russian individuals for their involvement in what it described as malicious hybrid operations targeting global security.

In a statement exclusively confirmed by The Readable, South Korea’s Ministry of Foreign Affairs acknowledged the U.K.’s announcement and reaffirmed its commitment to defending a secure cyberspace. “The Government of the Republic of Korea takes note of the recent statement issued by the Government of the United Kingdom,” it said. “In line with the Korea-U.K. Strategic Cyber Partnership signed in November 2023, we will continue to strengthen our cyber cooperation with the United Kingdom across all domains, including cyber deterrence.”

The Korea-U.K. Strategic Cyber Partnership outlines bilateral collaboration in enhancing cyber resilience, promoting shared international interests and detecting and disrupting cyber threats.

The U.K.’s attribution comes amid coordinated statements of solidarity from the North Atlantic Treaty Organization (NATO) and the European Union (EU). NATO’s North Atlantic Council condemned Russia’s cyber activities as part of a broader hybrid campaign to destabilize member states and undermine Ukraine. The Council expressed concern over repeated GRU-linked cyber incidents affecting multiple allied nations, including Germany, France and Romania.

Echoing NATO, the EU’s top foreign policy official, High Representative Kaja Kallas, characterized Russia’s actions as part of a systematic and escalating pattern of hybrid interference. The EU confirmed its own sanctions against the same GRU units, emphasizing the need for a “coherent and sustained response” to safeguard the bloc’s security and democratic foundations.

British Foreign Secretary David Lammy said the sanctions demonstrate the U.K.’s resolve to counter what he called the Kremlin’s “campaign to destabilize Europe, undermine Ukraine’s sovereignty and threaten the safety of British citizens.” He vowed that “Putin’s hybrid threats and aggression will never break our resolve.”

While South Korea is not a NATO or EU member, its early and public alignment with the U.K. highlights growing international momentum behind cyber deterrence efforts and global norms for responsible behavior in cyberspace.

In an email statement to The Readable, a spokesperson for the British Embassy in Seoul welcomed South Korea’s statement, describing it as “significant and important” in the context of rising hybrid threats.

“South Korea’s restated commitment to the promotion of an open, free and secure cyberspace, following the U.K.’s attribution of malicious cyber activities to Russia’s GRU, is significant and important,” the spokesperson said. “The U.K.’s exposure of Russia’s malicious activity illustrates the broad and reckless nature of the threat faced by the U.K. and our allies and partners. Russia’s irresponsible, destructive and destabilizing hybrid activity is unacceptable, and the U.K. and its allies and partners will not stand by and allow this egregious behavior to pass unchallenged.”

The spokesperson added that the U.K. looks forward to building on the Korea-U.K. Strategic Cyber Partnership, especially in advancing cyber deterrence and strengthening cooperation in all areas of cybersecurity.

This shared commitment to cooperation reflects a broader international trend toward transparency and accountability in cyberspace.

Publicly naming the perpetrators behind cyberattacks—known as attribution—has emerged as a key strategic tool for governments facing growing digital threats. By exposing malicious actors, states can disrupt hostile operations, impose reputational costs and build international and domestic support.

A notable example is France’s recent shift in policy. In May, President Emmanuel Macron publicly attributed multiple hostile acts to Russia’s military intelligence, ending years of strategic silence. The move signaled a clear intent to confront threats with greater transparency, while aligning more closely with international partners in deterring future aggression.


Editor’s note: This article replaces this week’s Weekend Briefing.

Subscription

Subscribe to our newsletter for the latest insights and trends. Tailor your subscription to fit your interests:

By subscribing, you agree to our Privacy Policy. We respect your privacy and are committed to protecting your personal data. Your email address will only be used to send you the information you have requested, and you can unsubscribe at any time through the link provided in our emails.

  • Dain Oh
    : Author

    Dain Oh is a distinguished journalist based in South Korea, recognized for her exceptional contributions to the field. As the founder and editor-in-chief of The Readable, she has demonstrated her expe...

    View all posts
Stay Ahead with The Readable's Cybersecurity Insights