“Weekend Briefing” is a weekly newsletter sent to subscribers of The Readable every Friday. Our journalists select important news items from the previous week on topics ranging from privacy to policy development in cybersecurity, all to help you stay abreast of the latest breaking issues.
Chinese state-sponsored hackers are increasingly targeting vulnerabilities in edge infrastructure to stay under the radar, according to Luke McNamara, who visited Seoul this week to present Google Cloud Security’s latest findings. If you haven’t caught the full story yet, this briefing covers it.
According to Arkham Intelligence, North Korea has become the world’s third-largest holder of bitcoin. Meanwhile, WEMIX, a blockchain company that recently lost $6.8 million in cryptocurrency to theft, held a press briefing on Monday to address why it took four days to notify users of the breach. A new report from the South Korean government also highlights that hacking was responsible for more than half of last year’s personal data breaches.
This is Dain Oh reporting from South Korea, and here is your weekend briefing.
1. North Korea becomes world’s third-largest holder of government-owned bitcoin
North Korea is now believed to have the third-largest government-owned bitcoin reserve, holding 13,562 BTC—worth approximately $1.14 billion—according to Arkham Intelligence. This puts the country behind only the United States and the United Kingdom in bitcoin holdings.
The sharp rise in North Korea’s bitcoin holdings is largely due to a massive $1.5 billion crypto theft attributed to the Lazarus Group, a state-backed North Korean hacker collective. In February, the group reportedly stole primarily Ethereum tokens from Dubai-based exchange Bybit, later converting much of the haul into bitcoin. The attack—described as the largest crypto heist in history—involved breaching a cold wallet and transferring the assets to an unknown address.
The Lazarus Group has been linked to several major cryptocurrency-related cybercrimes, including the theft of $1.34 billion worth of tokens in 2024 alone. North Korea has a long history of training and deploying skilled hackers and IT professionals abroad to generate foreign currency. More recently, the regime has begun leveraging generative AI tools to further enhance its cyber operations.
2. WEMIX addresses $6.8M crypto hack, vowing investor protection
WEMIX, the blockchain subsidiary of South Korean game company Wemade, confirmed that it was hacked on Feb. 28, leading to the unauthorized withdrawal of 8.65 million WEMIX tokens—valued at approximately $6.8 million (9 billion South Korean won). The breach targeted its Play Bridge Vault, a system designed for transferring WEMIX across different blockchains.
At a press briefing on Monday, WEMIX CEO Kim Seok-hwan addressed the four-day delay in notifying customers about the hack, explaining that the company was concerned about potential follow-up attacks and market panic. He firmly denied any attempt to conceal the incident. Upon discovering the breach, WEMIX swiftly shut down the affected servers, launched an internal investigation, and reported the attack to the Seoul police.
The hacker reportedly gained access by stealing credentials from NFT platform Nile’s monitoring system, executing 13 successful withdrawals over two months. While initial speculation pointed to the Lazarus Group, external security experts found no strong evidence linking the attack to the North Korean hackers. Instead, the breach was likely traced to leaked materials uploaded by a developer in mid-2023.
To restore investor confidence and prevent future breaches, WEMIX announced a 10 billion Korean won buyback and a migration of its infrastructure to a new environment, aiming for full-service resumption by Mar. 21. The company also pledged to enhance security measures, improve communication protocols, and relentlessly pursue the hacker. CEO Kim Seok-hwan publicly apologized multiple times, emphasizing the foundation’s commitment to learning from the incident and strengthening WEMIX as a trusted blockchain platform.
3. Chinese hackers are targeting vulnerabilities in edge infrastructure, Google Cloud says
Chinese advanced persistent threat (APT) groups are focusing on vulnerabilities in edge infrastructure—such as virtual private networks (VPN), routers, and email gateways—rather than on weaknesses resulting from individual negligence, according to a security expert at Google Cloud.
Luke McNamara, deputy chief analyst of Mandiant Intelligence at Google Cloud, disclosed the findings at a press briefing in Seoul on Wednesday. During the hour-long presentation, he outlined global and regional cyber threat trends, focusing on activities by Chinese and North Korean APT groups.
Hackers linked to the Chinese government are actively exploiting zero-day vulnerabilities for cyber espionage. Recent research cited during the briefing shows a sharp increase in zero-day exploits discovered across the security industry over the past four years. From 2015 to 2020, the number of exploits ranged from 19 to 33 annually, but that figure surged to 98 in 2023 alone.
4. Over half of South Korea’s reported data breaches in 2024 caused by hacking
A report released by South Korea’s Personal Information Protection Commission and the Korea Internet & Security Agency reveals that 56% of the 307 personal data breach cases reported in 2024 were caused by hacking, up from 48% the previous year. Among the various hacking methods, unauthorized access to administrator pages was the most common, followed by SQL injection attacks, malware infections, and credential stuffing.
While more than half of the hacking cases involved unknown methods, human error (30%) and system malfunctions (7%) were also identified as contributing factors to data leaks. Public institutions represented 34% of the incidents, with reports from these entities more than doubling compared to the previous year. Local governments, educational institutions, and central administrative agencies were the most affected organizations in the public sector.
To prevent future breaches, authorities have called for stronger cybersecurity measures, such as implementing web application firewalls to block SQL injections, systems designed to detect and prevent credential stuffing, and improved protocols to prevent accidental exposure of sensitive data when uploading documents or sending emails.
5. South Korea urges stronger cybersecurity for drone industry amid rising hacking threats
South Korea’s National Intelligence Service (NIS) has issued a warning about rising hacking attempts by North Korea and other state-sponsored actors targeting domestic drone development companies. According to a press release from the NIS, these attacks typically involve phishing emails disguised as business communications and the exploitation of vulnerabilities in IT solutions such as enterprise email systems and centralized document platforms, with the goal of stealing sensitive drone technologies.
Although no critical data breaches have occurred so far, the NIS emphasized the urgent need for companies to implement robust internal cybersecurity systems. A joint inspection conducted in December with the Defense Acquisition Program Administration and the National Security Research Institute revealed widespread vulnerabilities, including inadequate security systems and poor management practices.
To bolster industry-wide defenses, the NIS hosted a cybersecurity briefing on March 13–14 in collaboration with the Ministry of Land, Infrastructure, and Transport, providing companies with a comprehensive cybersecurity manual. The guide covers essential regulations, firewall implementation, vulnerability checks, and security checklists. The NIS emphasized its continued support in preventing potential national security risks from cyberattacks targeting the drone-related defense and aerospace industries.
6. Google announces agreement to acquire Wiz
Google has announced a definitive agreement to acquire Wiz, Inc., a leading cloud security platform, for $32 billion in an all-cash transaction. Founded in 2020, Wiz specializes in identifying security risks in cloud-stored data and has quickly grown, serving major clients such as Barclays and Mars. This acquisition, Google’s largest to date, aims to enhance its cloud security offerings in response to the rising adoption of AI and the complexities of multi-cloud environments.
The integration of Wiz into Google Cloud is expected to strengthen security across multiple cloud platforms, including Amazon Web Services and Microsoft Azure, as Wiz’s services will remain available through these providers. Google CEO Sundar Pichai highlighted that this acquisition will enhance cloud security and support multi-cloud strategies for organizations, helping them better manage their diverse cloud environments.
The acquisition is still subject to regulatory approval and is expected to close in 2026. Given the size of the deal, it is likely to undergo significant scrutiny under current antitrust regulations. However, industry analysts view this as a strategic move that will notably enhance Google’s position in the cloud market, particularly in competition with major rivals like Microsoft and Amazon.
7. US public servants discuss ways to upgrade nation’s cyber posture
Cybersecurity officials from the U.S. federal government, as well as those from state and local governments, gathered this week in the nation’s capital to discuss shared security challenges.
At the second annual State & Local Cybersecurity Conference hosted by Billington Cybersecurity, panelists emphasized the importance of collaboration between state, local and federal agencies to protect citizens from escalating cyber threats. They also highlighted the need for strong cybersecurity training and education programs.
Over two days of discussions, speakers underscored the challenges posed by legacy systems and the urgent need for modernization. Greg McCarthy, Boston’s first chief information security officer, was among the panelists who addressed the difficulties of upgrading outdated systems.
Editor’s note: Each item in this briefing was initially summarized or translated by ChatGPT-4o based on the author’s specific instructions, which included news judgment, fact-checking, and thorough editing before publication.