Particle.news

SK Telecom Cyberattack Confirmed as State-Linked Espionage Operation

Investigators uncover Chinese-linked malware in a three-year breach compromising data of 25 million subscribers.

Overview

  • Hackers infiltrated SK Telecom’s systems on June 15, 2022, remained undetected until April 2025, and exfiltrated over 9 GB of sensitive subscriber data.
  • The breach affected 23 servers and leaked 21 types of subscriber information, including SIM authentication credentials and identification numbers.
  • Malware identified as BPFdoor, linked to Chinese APT groups such as Salt Typhoon, suggests state-backed espionage rather than financial motives.
  • Investigators are assessing whether encrypted call records were compromised, with experts warning of potential vulnerabilities in encryption management.
  • South Korea's National Intelligence Service has replaced USIMs for government devices and is collaborating with allies to trace the perpetrators and bolster cybersecurity.