In June 2021, Daewoo Shipbuilding & Marine Engineering (DSME), a South Korea-based maritime and defense contractor, fell victim to a sophisticated cyber-attack. The hackers, suspected to be state-affiliated actors from North Korea or China, infiltrated the company’s computer systems but failed to exfiltrate any data. Investigations revealed that the attackers were specifically targeting classified information related to South Korea’s nuclear submarine program, a critical defense asset. This incident marked the second cyber-attack on DSME, raising concerns about persistent vulnerabilities in its cybersecurity infrastructure. While no data breach or operational disruption was confirmed, the attack underscored the high strategic stakes involved, given the sensitive nature of the targeted information. The lack of compromised data suggests the attackers were either probing for weaknesses or were interrupted before achieving their objectives. However, the mere attempt to access nuclear submarine-related intelligence highlights the geopolitical and military implications of the breach, as such data could be leveraged for espionage or sabotage. The incident also reinforced the need for enhanced cybersecurity measures in defense-related industries, particularly those handling classified military technology.

In 2016, Daewoo Shipbuilding & Marine Engineering (DSME) in South Korea fell victim to a sophisticated cyber espionage attack orchestrated by North Korean hackers. The primary objective was to steal classified military intelligence, specifically targeting South Korea’s submarine programs and sensitive data related to Aegis Class destroyers, a critical asset for naval defense. The breach resulted in the exfiltration of approximately 40,000 documents, including 60 classified military files, compromising national security and defense capabilities. The attack had severe strategic implications, as the stolen data could undermine South Korea’s military advantage and alliance with the U.S. Navy, particularly concerning the Aegis Combat System deployed on vessels like the destroyer Yulgok Yi I. The incident also highlighted vulnerabilities in DSME’s cybersecurity infrastructure, as the company suffered two additional hacks following this breach. The stolen information posed risks beyond corporate espionage, potentially enabling adversaries to exploit weaknesses in naval technology, disrupt defense operations, or even influence geopolitical tensions in the region. The breach’s scale and the nature of the compromised data—directly tied to military and national security—elevated it to a critical threat level.