
SK Telecom reveals two-year malware attack that leaked 26M IMSI records

SK Telecom reveals that malware intrusions, which remained hidden for almost two years, led to the leak of 26.69 million IMSI records and 9.82 GB of USIM data. After the massive breach, learn about the telecom's security upgrades and future plans.

A recent data breach at the South Korean telecommunications giant SK Telecom reportedly went much deeper than initially assumed, with the intrusion lasting almost two years. The company announced on Monday that the malware had remained undetected since June 2022.

The attack, which was made public in April, affected a significant portion of SK Telecom's 23 million customers, touching personal and financial details. The Ministry of Science and ICT, together with a joint team of public and private investigators, found that the attack compromised a significant part of SK Telecom's user data.

In particular, around 26.69 million International Mobile Subscriber Identity (IMSI) records were leaked. An IMSI is a unique number of 15 digits or fewer that identifies and authenticates each mobile subscriber. In addition, the investigators identified 25 types of malware and 23 affected servers, and stated that 9.82 gigabytes of USIM information were compromised.

Response to the breach

In response to the security breach, SK Telecom implemented a number of preventive measures. The company temporarily stopped new subscriber registrations and launched a nationwide SIM card replacement program as a protective measure.

In addition, the company has introduced an upgraded fraud detection system, FDS 2.0, which uses a “triple-factor authentication process” to prevent unauthorized SIM and device cloning. This enhanced protection is now applied automatically across its network.

SK Telecom has also emphasized that so far no actual customer damage or cases of “terminal clones” have been reported, and that all attempts at phone or SIM card piracy are blocked at the network level, with three layers of checks on the legitimacy of the subscriber, the SIM card and the device. The company has undertaken to “take full responsibility for all damage” that may result from the breach and is offering to replace the USIMs of all 25 million subscribers, including 2 million budget phone users.

National security concerns and future steps

The chairman of the SK Group, Chey Tae-Won, apologized in early May and emphasized the severity of the incident by stating that “it had to be regarded as a question of national defense”.

The malware used in the attack is believed to be BPFDoor, which can bypass authentication. It is usually used by hacking groups associated with China. Although no specific group has claimed responsibility, the chairman's concerns and the identified malware are consistent with similar tactics observed in the recent attacks on US telecommunications companies.

In addition to technical upgrades, SK Telecom is also improving customer support. From May 19, the company plans to offer “Mobile Service” visits in remote areas to explain SIM protection services and carry out SIM replacements on site. These efforts underline the company's commitment to rebuilding customer trust and strengthening its defenses against cyber security threats.
