Particle.news

SK Telecom Cyberattack Attributed to Suspected Chinese Espionage Group

A multi-year breach exposed SIM data of 25 million subscribers. Investigators have uncovered extensive malware use, and international collaboration is underway to identify the perpetrators.

Overview

  • Hackers infiltrated SK Telecom's systems in June 2022, exfiltrating over 9 gigabytes of SIM-related data for nearly all 25 million subscribers by April 2025.
  • Investigators discovered 23 compromised servers and 25 malware variants, including BPFdoor, a tool linked to Chinese APT groups such as Salt Typhoon and Red Mansion.
  • The breach has raised concerns of strategic espionage, with experts suggesting motives beyond financial theft due to the prolonged and stealthy nature of the attack.
  • Government agencies have replaced USIM cards and implemented protection services for official devices, with no breaches reported on phones used by key security departments.
  • South Korea's National Intelligence Service is coordinating with counterparts in the US, UK, and Singapore, though missing log data from mid-2022 to late 2024 leaves the full scope of the breach uncertain.