South Korea (KR) Threat Intelligence

South Korea has 35,318 malicious IP addresses with 1,488,586 abuse reports. Top threat categories include SSH bruteforce, generic bruteforce, RDP bruteforce, web attack, and email abuse. Top attacking networks: LARUS Limited (10,202 IPs), Korea Telecom (9,201 IPs), None (2,662 IPs). Data collected since 2022-12-19; last activity 2026-04-16.

Threat Assessment: South Korea shows substantial cyber threat activity, ranking among the top threat source countries worldwide. The dominant attack types are SSH bruteforce, generic bruteforce, and RDP bruteforce. The majority of threats originate from networks operated by LARUS Limited and Korea Telecom.

Total Reports: 1,488,586
Unique IPs: 35,318
First Seen: 2022-12-19
Last Activity: 2026-04-16

Top Threat Categories

SSH Bruteforce: 4,555
Generic Bruteforce: 409
RDP Bruteforce: 247
Web Attack: 197
Email Abuse: 151

Top Attacking Networks

AS17561 LARUS Limited: 10,202 IPs
AS4766 Korea Telecom: 9,201 IPs
AS0 None: 2,662 IPs

Most Reported IPs in South Korea

115.92.155.19 395 reports
183.107.190.230 360 reports
211.197.62.36 318 reports
14.63.196.175 316 reports
125.141.233.20 304 reports

Access this data via API

Get South Korea threat intelligence programmatically.

curl https://ip.wayscloud.services/api/country/KR
