
South Korean authorities revealed last week that hackers had infiltrated mobile operator SK Telecom for three years before the telco realised anything was wrong. Half the Korean population are SK Telecom customers.
The malware discovered on the telco’s servers included BPFdoor, a backdoor tool also used by Salt Typhoon, the Chinese-linked group behind the attacks on AT&T and Verizon.
An investigation revealed that the attackers first embedded malware on June 15, 2022. That software remained hidden until last month, when over nine gigabytes of sensitive SIM-related data tied to approximately 25 million subscribers, including customers of SKT’s budget MVNO carriers, was suddenly exfiltrated.
Among the leaked data were 21 types of subscriber-related information, including identification numbers and SIM authentication credentials.
“We deeply apologise for the inconvenience caused to our customers due to the cyber breach incident,” SK Telecom said on its social media platforms. “SK Telecom will be 100% responsible for any damage caused by illegal SIM/password duplication.”
“This large-scale malware attack on a major South Korean company demonstrates the power of malware campaigns and why organisations must adopt proactive cybersecurity approaches to protect customer data,” said Keeper Security CEO Darren Guccione. “Although few specifics are available about the information that was leaked, SK Telecom’s offer to replace Universal Subscriber Identity Module (USIM) cards for all 23 million users indicates that a considerable amount of sensitive information may have been compromised. The immediate concern for SK Telecom and its customers is the exploitation of the exposed data.”
“Organisations that protect sensitive data have a responsibility to take proactive security measures to protect their customers’ information,” he adds. “Real-time monitoring, security audits and implementing a zero-trust security architecture can help secure an organisation’s digital assets. In the event that a successful breach does occur, tools like Privileged Access Management (PAM) solutions can limit a threat actor’s reach. A PAM solution works by tightly monitoring access and activity in privileged accounts while also ensuring organisations meet regulatory and industry compliance requirements. PAM also minimises insider threats.”
“Though it’s currently unknown how many users had their data breached, customers of SK Telecom should act as if their sensitive data has already been compromised,” Guccione continues. “Concerned users should take advantage of the offered security measures, including free USIM card replacements and information protective services. If you’ve provided SK Telecom payment information, consider freezing your bank accounts or credit. Dark web monitoring tools are also effective to determine whether or not your personal information has fallen into the wrong hands so you can take action immediately.”