SK Telecom has disclosed a malware intrusion that eluded detection for nearly two years, resulting in the exposure of 26.69 million IMSI units and 9.82 GB of USIM data. The company has outlined its security enhancements and strategic future plans in light of this significant breach.
In a startling announcement, South Korea’s telecommunications leader SK Telecom revealed that a data breach affecting its systems was far more extensive than originally anticipated, with the breach remaining undetected since at least June 2022. This incident, disclosed publicly in April, has compromised the personal and financial information of a large segment of its 23 million customers.
The breach was examined by a joint task force from the Ministry of Science and ICT and other public and private entities. They confirmed that a significant amount of user data was compromised, specifically around 26.69 million International Mobile Subscriber Identity (IMSI) units. This 15-digit or shorter identifier is crucial for authenticating mobile subscribers. Moreover, investigators identified 25 distinct types of malware and quarantined 23 affected servers, protecting an additional 9.82 gigabytes worth of sensitive USIM information.
Response to the Breach
In reaction to this security failure, SK Telecom has implemented a range of measures. The company temporarily halted new subscriber registrations and launched a nationwide initiative to replace SIM cards as a precaution.
The company has rolled out an enhanced fraud detection system, FDS 2.0, which utilizes a robust “triple-factor authentication” method designed to thwart unauthorized cloning of SIMs and devices. This layer of security is now seamlessly integrated across its network infrastructure.
SK Telecom further reassured customers that no instances of unauthorized SIM or terminal cloning have been reported thus far. To mitigate any potential threats, network defenses have been bolstered with three levels of verification that confirm the authenticity of subscribers, SIM cards, and devices. The company has committed to taking full responsibility for any damages resulting from the incident, offering to replace the USIMs of all affected subscribers, including those using budget phones, at no charge.
National Security Implications and Future Plans
Chey Tae-won, chairman of SK Group, publicly apologized to customers in May, emphasizing the national security implications of the breach, which he described as a critical issue deserving serious attention.
The malware responsible for the attack is suspected to be BPFdoor, known for its ability to bypass authentication processes. Its association with hacking groups linked to China raises further concerns, particularly as similar tactics have been noticed in recent breaches of U.S.-based telecommunications firms.
Beyond technological advancements, SK Telecom aims to enhance customer assistance. As of May 19, the company will offer “mobile service” visits to remote regions, educating customers on SIM protection services and facilitating on-site SIM replacements and resets. This initiative underscores SK Telecom’s commitment to regaining customer trust while bolstering cybersecurity measures to confront emerging threats.