Who hacked S. Korea's largest telecom, and why? Growing concerns the SKT data breach wasn't just about money
Nearly three years before South Korea's largest telecom provider knew anything was wrong, hackers had already broken into SK Telecom's internal systems. This detail emerged from a briefing this Monday by the government's public-private joint investigation team, which is probing one of the country's most serious cybersecurity breaches in recent memory.
The attackers first embedded malware on June 15, 2022, according to the investigation. That software remained hidden until last month, when over 9 gigabytes of sensitive SIM-related data tied to approximately 25 million subscribers, including customers of SKT's budget MVNO carriers, was suddenly exfiltrated. Among the leaked data were 21 types of subscriber-related information, including identification numbers and SIM authentication credentials.
What hasn't been confirmed, however, is whether call records or other highly sensitive personal communications data were taken. SK Telecom has said its call detail records (CDRs) are encrypted, but encryption alone may not be enough, warns Professor Kim Seung-joo of Korea University's Graduate School of Information Security.
'Even encrypted data is vulnerable if the keys aren't securely managed,' he said in a separate media interview on Tuesday. 'The same thing happened to nine US telecoms last year.'
CDRs are highly valuable in state-backed cyber operations. Unlike credit card data, they reveal patterns of communication and movement, making them ideal for tracking public officials and institutions, he explained.
The malware discovered on SK Telecom's servers included BPFdoor, a backdoor tool also used by Salt Typhoon, the Chinese-linked group behind the attacks on AT&T, Verizon and T-Mobile.
South Korean investigators have not confirmed the attribution, but suspicion is growing.
Professor Lim Jong-in, a cyber defense expert at Korea University, told local radio on Wednesday morning that he suspects the Chinese hacking group Red Mansion may be behind the intrusion. They are known for APT-style cyberattacks -- operations that are typically slow-moving, well-funded and thus conducted by nation-state actors rather than ordinary cybercriminals. APT stands for Advanced Persistent Threat.
'Their yearslong persistence and stealth tell you this wasn't just about stealing data for profit,' said Professor Yum Heung-yeol, another cybersecurity scholar at Soonchunhyang University, according to a local media report on Wednesday. 'To compromise a core telecom operator without any spies or insider cooperation is not something amateur hackers can do.'
So far, no customers have reported cloned phones, suspicious charges or extortion attempts. That silence and the long-term nature of the breach, the experts have all said, makes financial motives unlikely.
'We are looking into multiple possibilities, including whether the attack was to steal data or to establish long-term access to deeper systems,' said Ryu Jae-myeong, director-general of network policy at the ICT Ministry involved in the joint investigation team.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Korea Herald
3 hours ago
- Korea Herald
Daughter of Korean priest detained by ICE after visa hearing
A 20-year-old South Korean student at Purdue University and daughter of an Episcopal priest has been detained by the US Immigration and Customs Enforcement after attending a routine court hearing over her visa status, according to news reports Sunday. The Episcopal Diocese of New York and immigrant advocacy groups are calling for the immediate release of Go Yeon-soo, saying she was unfairly detained despite having legal status, and that immigration authorities bypassed proper legal procedures. Go, a graduate of Scarsdale High School in Westchester County, is the daughter of the Rev. Kim Ky-rie, the first woman ordained in the Seoul Diocese of the Anglican Church of Korea. According to the family, Go entered the United States in March 2021 on an R-2 visa, a dependent visa for family members of R-1 religious visa holders, following her mother's relocation. The family said her stay was legally extended in 2023 and that her status remains valid through the end of 2025. However, immigration authorities reportedly interpreted her status differently and deemed her stay unlawful. On July 31, Go appeared before the New York Immigration Court and was given a continuance for her hearing, which was rescheduled for October. But shortly after exiting the courthouse, she was detained by ICE agents. She is currently being held at the ICE office in Manhattan and is expected to be transferred to a detention facility for immigrants. 'Her mother receives regular calls from Yeon-soo, and she's being held at 26 Federal Plaza, which, as we know, is not a facility with showers, beds or hot meals,' said the Rt. Rev. Matthew Heyd, bishop coadjutor of the Episcopal Diocese of New York, during a press conference Saturday. 'These detentions are not only illegal — they're immoral.' The press conference was held outside the ICE office in Manhattan by the diocese and a coalition of immigrant advocacy organizations. The case comes amid growing concerns over the treatment of immigrants, particularly among the Korean community. Last month, Tae-heung Kim, a 40-year-old Ph.D. student at Texas A&M University, was detained by federal agents at San Francisco International Airport and remains in custody.
Korea Herald
5 hours ago
- Korea Herald
Trump's China tariffs reshape US ESS market, offer boon for Korean batteries
The market for energy storage systems, or ESS, in the US is at a critical juncture, as Korean battery-makers move to fill the gaps left by domestic players hurt by tariffs. Oregon-based Powin, once a top-three ESS integrator, filed for bankruptcy after tariff-driven costs on Chinese battery imports surged, exposing how vulnerable US firms are to foreign supply shocks. According to recent media reports, Powin, headquartered in Oregon, filed for Chapter 11 bankruptcy protection last month at a court in New Jersey after piling on more than $300 million in debt. The Chapter 11 filing will enable the company to operate under court supervision while restructuring its finances. The main factor behind Powin's collapse was its inability to find alternative suppliers for battery cells outside of China. The company predominantly sourced lithium iron phosphate, or LFP, battery cells from Chinese battery-makers, including CATL, and integrated them into its ESS products. Powin has reportedly suffered from project delays or even renegotiations with clients due to supply chain disruptions arising from its dependence on China-focused battery sourcing. Last month, the company said in a statement that its 'significant financial challenge' was 'reflective of ongoing headwinds in the broader energy storage industry.' Chinese-made ESS batteries imported into the US are currently subject to a 40.9 percent tariff, which is anticipated to rise to 58.4 percent next year. Changing tables at LG's lead Industry insiders indicate that while Trump's strategy to curb US reliance on the Chinese battery supply chain may come at the expense of domestic companies like Powin, it is likely to open doors for Korean battery-makers. Notably, LG Energy Solution, the only company capable of manufacturing LFP ESS cells in the US at its Michigan facility, is moving fast to capitalize on this emerging market with no clear leader. The company was recently reported to have secured a 6 trillion won ($4.3 billion) deal to supply LFP batteries for Tesla's ESS products. Tesla was considered a promising US company to start LFP cell manufacturing for its ESS lineups, such as Megapack and Powerwall, at its Nevada facility. But its production capacity will apparently not be enough to meet market demand. During its second-quarter earnings conference call, LG Energy Solution also hinted at the possibility of converting portions of the production lines at its joint venture facilities in the US with global automakers -- likely the second plant with General Motors in Tennessee -- from electric vehicle manufacturing to ESS. It aims to increase its capacity from a potential 17 gigawatt-hours by the end of this year to 30 gigawatt-hours by 2026. The Tennessee plant, with an annual capacity of 50 gigawatt-hours, could potentially secure an additional 10 gigawatt-hours for LFP production. This is based on last year's 40 percent operational rate and the potential allocation of half its capacity to LFPs. 'Utilizing a joint venture facility with GM is an efficient move to streamline capital expenditures, while swiftly addressing the fast-growing demand for ESS,' said Lee Ho-geun, a car engineering professor at Daeduk University. 'This strategy could buy time for LG to prepare its third joint plant, acquired from GM, for ESS battery production.' On Thursday, Samsung SDI announced that it will convert a portion of the EV production lines at its joint venture plant with Stellantis in Indiana into ESS lines, with large-scale production for nickel, cobalt and aluminum batteries set to start this year. It looks to produce LFP ESS cells next year. SK On is also gearing up for large-scale manufacturing of LFP cells and has signed a cathode supply deal with L&F Co. for the North American market. Containerized ESS in spotlight Korean companies look to solidify their presence in the US with large-scale, containerized ESS, spurred by the rapid expansion of data centers and the increasing demand for reliable electricity supply solutions. Among the ESS products, ranging from battery packs to containerized systems, containerized ESS is gaining momentum, driven by the rapid expansion of data centers and the increasing demand for reliable electricity supply solutions. 'Compared to small battery packs for residential applications, containerized ESS are more effective in boosting sales and profits because they are considered value-added products,' said an industry source familiar with the matter on condition of anonymity. 'These systems are equipped with various features, including safety mechanisms that control humidity and temperature to protect the battery systems within the container.' Samsung SDI's flagship Samsung Battery Box 1.5, a fully equipped, ready-to-deploy product, is housed within a 20-foot container using nickel, cobalt and aluminum cells, with an energy capacity of approximately 5.26 megawatt-hours. LG Energy Solution's JF2S DC Link, similar in size to Samsung Battery Box 1.5, offers a capacity of approximately 5 MWhs. However, it is powered by more cost-effective LFP batteries.
Korea Herald
7 hours ago
- Korea Herald
SK On rebrands R&D arm to boost battery innovation
South Korean battery-maker SK On has renamed its core research and development center the "Future Technology Research Institute," strengthening its commitment to innovation-led growth and next-generation battery technologies. The institute, previously the SK On Battery Research Institute, has played a central role in the company's battery development since its early days, including the world's first NCM9 cell with 90 percent nickel content as well as the introduction of Z-folding technology. The newly branded institute will focus on diversifying battery chemistries and formats — including solid-state batteries, lithium iron phosphate batteries and prismatic designs — while prioritizing cost competitiveness and product safety as short-term goals. To reduce costs, SK On will advance its cell-to-pack integration and plans to complete lithium iron phosphate and midnickel cell-to-pack development by this year. A pilot dry electrode plant will also be established to cut energy and equipment costs. For safety, the company aims to complete solid-state battery prototypes using polymer-oxide gel electrolytes and complete production by the end of next year. The institute will also develop immersion cooling-based thermal runaway prevention technologies, with progress expected to accelerate following its planned merger with SK Innovation's lubricant subsidiary SK Enmove in November. 'With global competition intensifying and market conditions changing fast, we will grow SK On into a technology-driven company through a clear R&D strategy,' said Park Ki-soo, inaugural head of the institute and former head of R&D at SK On.
