Latest news with #RyuJe-myung


Korea Herald
04-07-2025
- Business
SKT's negligence led to massive hacking, ministry confirms
The South Korean government concluded Friday that SK Telecom failed to take proper action to prevent its massive hacking attack, leaking about 10 gigabytes of sensitive subscriber data as early as August 2021. Authorities ordered the company to allow customers to cancel contracts without paying early termination penalties, a move that could potentially cost the telecom giant billions of won.

The Ministry of Science and ICT announced the results of a joint public-private investigation, confirming that hackers first planted malware inside SKT's internal servers on Aug. 6, 2021 — about 10 months earlier than initially estimated.

'SKT failed to fulfill its security obligations to protect subscriber data to deliver secure telecommunication services,' Vice Minister Ryu Je-myung of the Science Ministry said.

A forensic inspection of more than 42,600 servers uncovered 33 types of malware, including 27 BPFdoor variants. Hackers infiltrated a server connected to SKT's network management system, planting malicious code to gain access to the Home Subscriber Servers and exfiltrate 9.82 GB of USIM subscriber data — covering nearly all of SKT's customers — and amounting to 26.96 million subscriber identifier records.

Investigators also discovered that device identifiers, personal data and call detail records had been stored in plaintext rather than encrypted. While no evidence of leaks was found during periods covered by existing firewall logs, the ministry warned that it could not confirm whether data was exposed during gaps in log records.

Authorities also noted a supply chain vulnerability after discovering malicious code embedded in third-party software used by an SKT vendor. The code was installed on 88 SKT servers, but there was no evidence that it had been executed or led to data leaks.

'SKT detected abnormal server reboots in February 2022 and even discovered malware on one server during an internal check, but did not report the incident to authorities at the time. It violated the notification obligations,' Ryu said.

Ryu also identified weaknesses in SKT's overall cybersecurity posture, including insufficient investment and staff, and a corporate CISO whose responsibilities were limited to IT systems rather than covering the carrier's core networks.

The ministry ordered SKT to adopt multifactor authentication for server access, store firewall and system logs for at least six months, and elevate the CISO role to report directly to the CEO. They also called for the deployment of advanced endpoint detection and response solutions, regular quarterly security inspections of all assets and full encryption of the USIM authentication keys, which other mobile carriers KT and LG Uplus have already implemented.

The ministry also obligated the company to allow subscribers with time left on their contracts to cancel without penalties. SKT has estimated that if up to 5 million customers decide to leave, combined losses from waived penalties and lost revenue could exceed 7 trillion won.

"This SKT breach is a wake-up call for the entire telecommunications industry and our national network infrastructure. As Korea's top mobile carrier, SKT must prioritize cybersecurity," Science Minister Yoo Sang-im said.


Korea Herald
19-05-2025
Nearly 27 million mobile fingerprints leaked in SK Telecom data breach: ministry
Malware attack began in June 2022, officials say

A joint team of public and private investigators found that nearly 27 million international mobile subscriber identity, or IMSI, records were leaked in SK Telecom's data breach, the Ministry of Science and ICT said Monday.

'The investigators confirmed that the amount of leaked (universal subscriber identity module, or USIM) information was 9.82 (gigabytes), which equals to about 26.69 million units of the IMSI,' said Choi Woo-hyuk, director general of the Cyber Security & Network Policy Bureau at the Science Ministry, in a press briefing to announce the interim findings of the probe at the Government Complex Seoul.

An IMSI, which can be regarded as a mobile fingerprint, is a number of 15 digits or fewer used to identify and authenticate each mobile subscriber on a cellular network. Asked why the number of leaked IMSIs exceeds SK Telecom's 25 million subscribers, the officials explained that the IMSI count covers all universal subscriber identity modules, or USIMs, loaded not only onto smartphones but also onto smartwatches and other connected devices using the Internet.

The authorities announced that they have found 25 types of malware and 23 hacked servers so far, up 21 and 18, respectively, from the previous findings released by the joint investigation on April 29. Having completed the investigation of 15 servers through detailed assessments, such as forensic and log analysis, the authorities plan to finish investigating the remaining eight servers by the end of May.

According to the investigators, the first malware was found to have been installed on June 15, 2022. They added that no data was leaked between Dec. 2, 2024, and April 24, 2025. However, they could not confirm whether any data was leaked between June 15, 2022, and Dec. 2, 2024, a period for which no firewall logs exist.

Amid concerns over possible damage from copy phones, whether international mobile equipment identity, or IMEI, information had been leaked drew serious worry among the public. An IMEI is a 15-digit serial number assigned to every mobile phone. Unlike in the government's previous announcement in April, the authorities confirmed during Monday's briefing that they had found a hacked server containing 291,831 IMEI records.

According to investigators, there have been no damage reports so far regarding the data breach at the country's biggest telecom carrier. They added that phone makers say making copy phones using the IMEI information alone is technically impossible.

'Given the types of malware and the methods used in this attack, it is clear that a far more sophisticated level of analysis and efforts are needed compared to what we've seen before,' said Ryu Je-myung, deputy minister of the Office of Network Policy. "That is why we are conducting this investigation with the utmost intensity, based on the judgment that unless we uncover every potential risk thoroughly, there could be even greater threats in the future."