On July 19 at 3:30 PM (local time), a significant disruption in Microsoft (MS) cloud services occurred, triggered by a conflict between a security program distributed by CrowdStrike and MS Windows. This conflict resulted in the notorious “Blue Screen of Death” phenomenon, where the PC screen suddenly turns blue, causing widespread chaos.
The disruption had far-reaching consequences, leading to the delay or cancellation of over 5,000 flights worldwide and causing significant disruptions in broadcasting, telecommunications, and financial services. The crisis, which began last week, paralyzed numerous infrastructures globally, including aviation, healthcare, and finance. However, South Korea appeared to have been relatively less affected.
On July 20 (local time), Microsoft announced that an update from the security firm CrowdStrike impacted approximately 8.5 million Windows devices. This figure represents less than 1% of all Windows devices. “While the percentage is small, the widespread economic and social impact reflects that many companies operating major services use CrowdStrike,” Microsoft stated. Reuters reported that a significant number of the affected devices have now returned to normal operating conditions.
The Ministry of Science and ICT in South Korea announced that 26 major telecommunications operators, including the three major telecom companies, Naver, and Kakao, which are legally obligated to report in the event of a disaster, were not affected by this incident. Among domestic companies, 10 were confirmed to have been affected, with three low-cost airlines—Jeju Air, Eastar Jet, and Air Premia—reportedly having mostly restored their systems.
Domestic banks and exchanges in South Korea used their own servers, and government agencies primarily relied on domestic clouds for security reasons, thus avoiding the impact. The Ministry of Science and ICT explained that the private sector in South Korea mostly uses distributed cloud systems. The Ministry, along with the Korea Internet & Security Agency (KISA), is maintaining 24-hour monitoring to guard against potential cyberattacks related to this incident.
The current status indicates that many of the affected systems have been restored, and normal operations are resuming. However, the incident underscores the critical importance of cybersecurity in modern infrastructure and the potential consequences of security failures. The proactive measures taken by South Korean authorities, including the use of domestic cloud services and distributed systems, highlight the importance of robust and localized IT infrastructure in mitigating the impact of such crises.