Fires in South Korean Data Centers Destroy 858 TB of Data and May Be Linked to North Korea

At the end of September 2025, South Korea suffered one of the most severe technological disasters in its history. Two fires in major data centers, occurring within a single week, paralyzed hundreds of government systems, including key online services for administration, postal operations, and tax filings.
The country’s Prime Minister described the incident as a case of “digital paralysis.”

Online speculation now suggests a possible link between these fires and a recent Phrack publication detailing the compromise of a North Korean hacker’s systems.

Fires and “Digital Paralysis”

The first fire broke out on September 26 in the building of the National Information Resources Service (NIRS) in Daejeon and burned for more than 22 hours. According to CNN and the Korea Herald, the blaze began when lithium-ion batteries from an uninterruptible power supply (UPS) system ignited during replacement and relocation to the building’s basement.

NIRS serves as the core of South Korea’s e-government infrastructure, hosting systems for both central ministries and local governments. More than a third of the country’s 1,600 government platforms were based in this facility.

As temperatures in the server rooms reached critical levels, overheating batteries reportedly triggered a chain reaction, spreading the fire through the power systems.
A total of 170 firefighters and 63 fire trucks battled the blaze, finally bringing it under control the following morning.

The impact was unprecedented:

• 96 critical systems failed outright
• 551 additional services were preemptively shut down to prevent cascading damage
  In total, 647 government platforms went offline simultaneously.

Government Data Lost Forever

The most devastating blow struck the state cloud platform G-Drive, a service comparable to Google Drive but mandatory for South Korean civil servants since 2018. Approximately 750,000 officials stored all work-related documents there, each with around 30 GB of allocated space.

Because both primary data and backups were housed within the same building, the fire destroyed all copies. The Korea Herald reports that up to 858 terabytes of government data have been irreversibly lost.

The Ministry of Personnel Management was hit hardest, as all departmental documents were stored exclusively in G-Drive. Employees are now attempting to recover data from local PC files, email attachments, and even paper archives.

Among other affected systems were:

• Government 24, the national public services portal
• The official email and mobile ID systems, disrupting airport operations
• Tax filing and complaint portals
• Parts of the 119 emergency call system

A Second Fire Raises Questions

Just one week later, on October 3, another fire erupted — this time at the Lotte Innovate data center, also in Daejeon. The blaze was extinguished within an hour, with 21 fire trucks and 62 firefighters responding. Preliminary reports again cite battery ignition as the likely cause.

Two major fires in similar facilities, in the same city, within seven days is statistically improbable. Experts have raised concerns that the incidents may reflect systemic negligence.

Indeed, in November 2023, a major administrative outage had already prompted recommendations to adopt a “twin server” architecture — a fully mirrored system for real-time data redundancy. Those recommendations were never implemented.

A 2024 government audit later found chronic equipment failures at NIRS, with some devices exceeding 100% failure rates due to delayed maintenance.

As of October 3, only 115 of the 647 disabled systems — about 18% — had been restored. Officials had initially pledged full recovery within two weeks, but analysts expect the timeline to extend significantly.

Criminal Investigation and Tragic Death

Authorities have since raided NIRS headquarters and several UPS equipment suppliers. Four individuals — one NIRS employee and three contractors — were detained for professional negligence related to the battery relocation process.

Tragically, the crisis also coincided with the death of a 56-year-old senior official involved in the data center recovery.
According to The Dong-A Ilbo, the official — a member of the E-Government Innovation Office — was found unconscious near the government complex in Sejong City on October 3 and later died in hospital. His phone was discovered in a smoking area on the 15th floor.
Authorities emphasize that he was not directly involved in the fire investigation, but the circumstances of his death remain under review.

Theories of a Link to the DPRK

Alongside the official investigation, a more speculative theory has emerged online — one that connects the data center fires to the Phrack magazine exposé titled “APT Down: The North Korea Files.”

Published in June 2025, the Phrack report detailed how hackers “Saber” and “cyb0rg” compromised a member of the North Korean cyber-espionage group Kimsuky (APT43 / Thallium).

According to the piece, the duo gained access to the hacker’s virtual machine and VPS, stealing nearly 20,000 records, including browser histories, stolen credentials, and internal malware documentation. Among the recovered materials were logs of intrusions into South Korean government systems, certificates from the Government Public Key Infrastructure (GPKI), and data related to the Onnara government portal.

The Phrack authors claimed they had been warning South Korean authorities about these intrusions since June 16, 2025, contacting KISA, KrCERT, and military counterintelligence.

The Timeline That Fuels Suspicion

• September 24, 2025 — South Korea’s parliament launched an investigation into cyberattacks originating from China and North Korea.
• September 25 — Government announced on-site inspections for September 26–27.
• September 26 (evening) — Fire erupted at NIRS, destroying Onnara and GPKI servers — the same systems referenced in the Phrack article.
• October 2 — Second fire at Lotte IDC, another site tied to the ongoing investigation.
• October 3 — Death of the senior official overseeing recovery efforts.

The Phrack authors also noted that the batteries identified as the fire’s origin were manufactured by LG, whose telecom subsidiary LG Uplus had been previously compromised by North Korean hackers — according to their findings.

This coincidence has led to online speculation that the fires were deliberate attempts to destroy evidence, and that the official’s death might be linked to the same chain of events.

However, these claims remain unverified.
South Korean authorities continue to treat the fires as accidents caused by technical failures and negligence, and the death investigation is being conducted separately.

The Aftermath

Whether coincidence or cover-up, the dual data center fires have exposed serious vulnerabilities in South Korea’s digital infrastructure — from poor redundancy planning to weak physical safety measures.
Even in a country often cited as one of the most technologically advanced, the incident serves as a stark reminder that data resilience is only as strong as its weakest safeguard.