Who hacked S. Korea's largest telecom, and why? Growing concerns the SKT data breach wasn't just about money
Some suspect a sophisticated Chinese hacking group may be behind the attack, raising potential alarms over cyber security
Nearly three years before South Korea's largest telecom provider knew anything was wrong, hackers had already broken into SK Telecom's internal systems. This detail emerged from a briefing this Monday by the government's public-private joint investigation team, which is probing one of the country's most serious cybersecurity breaches in recent memory.
The attackers first embedded malware on June 15, 2022, according to the investigation. That software remained hidden until last month, when over 9 gigabytes of sensitive SIM-related data tied to approximately 25 million subscribers, including customers of SKT's budget MVNO carriers, was suddenly exfiltrated. Among the leaked data were 21 types of subscriber-related information, including identification numbers and SIM authentication credentials.
What hasn't been confirmed, however, is whether call records or other highly sensitive personal communications data were taken. SK Telecom has said its call detail records (CDRs) are encrypted, but encryption alone may not be enough, warns Professor Kim Seung-joo of Korea University's Graduate School of Information Security.
'Even encrypted data is vulnerable if the keys aren't securely managed,' he said in a separate media interview on Tuesday. 'The same thing happened to nine US telecoms last year.'
CDRs are highly valuable in state-backed cyber operations. Unlike credit card data, they reveal patterns of communication and movement, making them ideal for tracking public officials and institutions, he explained.
The malware discovered on SK Telecom's servers included BPFdoor, a backdoor tool also used by Salt Typhoon, the Chinese-linked group behind the attacks on AT&T, Verizon and T-Mobile.
South Korean investigators have not confirmed the attribution, but suspicion is growing.
Professor Lim Jong-in, a cyber defense expert at Korea University, told local radio on Wednesday morning that he suspects the Chinese hacking group Red Mansion may be behind the intrusion. They are known for APT-style cyberattacks -- operations that are typically slow-moving, well-funded and thus conducted by nation-state actors rather than ordinary cybercriminals. APT stands for Advanced Persistent Threat.
'Their yearslong persistence and stealth tell you this wasn't just about stealing data for profit,' said Professor Yum Heung-yeol, another cybersecurity scholar at Soonchunhyang University, according to a local media report on Wednesday. 'To compromise a core telecom operator without any spies or insider cooperation is not something amateur hackers can do.'
So far, no customers have reported cloned phones, suspicious charges or extortion attempts. That silence and the long-term nature of the breach, the experts have all said, makes financial motives unlikely.
'We are looking into multiple possibilities, including whether the attack was to steal data or to establish long-term access to deeper systems,' said Ryu Jae-myeong, director-general of network policy at the ICT Ministry involved in the joint investigation team.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Korea Herald
2 days ago
- Korea Herald
Time to pivot to China, India and move beyond US: Mirae Asset vice chairman
As cracks emerge in the US-centered investment landscape -- driven by geopolitical uncertainty and waning global confidence -- Mirae Asset Securities Vice Chairman Heo Sun-ho called for a strategic rebalancing toward China and India. Speaking at a global asset allocation forum hosted by Mirae Asset in Seoul on Thursday, Heo said the global financial market has relied heavily on the US as its primary growth engine over the past three years. However, with the return of President Donald Trump and the onset of a high-tariff era, he warned that the global trade order is being reshaped. 'The recent depreciation of the US dollar reflects weakening global confidence, spurred by growing nationalism and ballooning fiscal deficits,' Heo said, urging investors to pivot from a US-centric strategy and realign their portfolios with the shifting global innovation landscape. China and India, he said, represent promising alternatives. 'Innovative technology that once fueled US growth is no longer its exclusive domain,' he added, pointing to China's accelerating technological self-reliance, supported by pro-market policy shifts. He cited examples such as Chinese AI startup DeepSeek positioning itself as a challenger to OpenAI, and BYD, which in April overtook Tesla in the European electric vehicle market for the first time. Meanwhile, India is emerging as a vast consumer market, Heo said, powered by robust digital infrastructure and a rapidly expanding population. His remarks come amid a noticeable cooling of Korean retail interest in US equities following a period of record buying. As of May 26, Korean individual investors had sold a net $1.065 billion (1.46 trillion won) in US stocks -- their first net sell-off in seven months. Even longtime favorites like Tesla and Nvidia saw combined net sales of about $306 million during the week of May 19-23. Echoing the call for a diversified investment strategy, Lee Phil-sang, director and head of Asia Pacific Research at Mirae Asset Hong Kong, highlighted China's healthcare tech sector as a compelling opportunity. He cited the country's deep talent pool as a key factor driving its progress toward catching up with the more established US biopharmaceutical industry. 'China has made significant strides in new drug development over the past four years. In 2010, its output in this field was minimal, but it now ranks second globally,' Lee said. Chinese biotech firms such as Beigene, Akeso, Hansoh, and Eccogene have been expanding globally through out-licensing deals and international clinical trials. Lee said that China is also taking the lead in advanced drug modalities, including antibody-drug conjugates, targeted cancer therapies linking antibodies to toxic agents, and bispecific antibodies, designed to bind two different antigens for enhanced efficacy. Policy shifts in China are also creating a more favorable environment for foreign investors, Lee said. Whereas past periods of double-digit economic growth often led to excessive government investment and harmful oversupply, a slowing Chinese economy is now helping to differentiate true market leaders. 'China's slow growth isn't necessarily negative,' Lee said. 'It's in low-growth conditions that world-class enterprises emerge. When a leading company dominates the domestic market and expands overseas, it sets the stage for the rise of truly global champions.'
Korea Herald
2 days ago
- Korea Herald
SERES Invited to Attend ASEAN-China-GCC Economic Forum
CHONGQING, China and KUALA LUMPUR, Malaysia, May 30, 2025 /PRNewswire/ -- On May 27, the ASEAN-China-GCC Economic Forum officially opened in Kuala Lumpur, aiming to create development opportunities and shared prosperity by strengthening cooperation in economy, trade, investment, and other fields. SERES, as a representative of China's new energy vehicle (NEV) enterprises, was invited to attend the forum. John Zhang, Chairman and President of SERES Group stated that with the brand slogan of "Intelligence Redefining Luxury," SERES focuses on the high-end luxury vehicle market, exploring a development path for Chinese automakers. For the markets of ASEAN and GCC member countries participating in the forum, SERES will accelerate the localized development and certification of relevant models, especially the high-end AITO series, to swiftly introduce them into target markets and achieve full coverage in the future. SERES' vehicle export business began in 2005. After years of development, the company has exported over 550,000 vehicles cumulatively to more than 70 countries and regions, including Germany, France, the UK, and Italy. In 2018, SERES established and put into operation a highly automated manufacturing plant in Indonesia integrating four major processes - stamping, welding, painting, and assembly, which became the first pure electric vehicle manufacturer in Indonesia. With a foothold in Indonesia, SERES is expanding its reach across ASEAN and continuously growing its presence in the Southeast Asian market. By attending the ASEAN-China-GCC Economic Forum, SERES is expected to further strengthen exchanges and cooperation with ASEAN and GCC member countries, accelerating the materialization of its overseas market expansion. During the interview, John Zhang introduced that SERES was founded in 1986 and has undergone three entrepreneurial phases—transitioning from auto parts to complete vehicles, and now to intelligent electric vehicles—achieving leapfrog development each time. Now, AITO brand is redefining luxury with intelligence and pioneering a "New Luxury" concept combining Traditional Luxury and Technological Luxury. With leading product strength, AITO has won recognition from more than 600,000 users, establishing itself as the benchmark of "New Luxury" in China. As a technology-driven company, SERES is committed to innovations of core technologies in electrification and intelligence, having developed the SERES MF Platform, SERES Super Range Extender, SERES Intelligent Safety, and SERES Super Factory, building a robust technological moat. In the face of the opportunities and challenges brought by global economic integration, SERES will embrace a more open and inclusive mindset, working together with partners from all sectors to jointly write a new chapter in the development of China's new energy vehicle industry. About SERES Founded in 1986, SERES is a leading technology company specializing in new energy vehicles (NEVs). With a workforce of approximate 20,000 employees, SERES is publicly listed on the A-share market and ranks among the Fortune China 500. The company is dedicated to the research and development, manufacturing, sales and services of new energy vehicles and their core NEV components. The name SERES is inspired by the Greek word for "the land of silk", evoking the luxuries of heritage of the East. SERES offers two NEV brands for overseas markets: AITO and DFSK. These brands provide a diverse range of products tailored to different market segments, with AITO focusing primarily on the high-end luxury segment. To date, SERES has exported over 550,000 vehicles to more than 70 countries and regions, including Germany, France, the United Kingdom, Italy, and many more countries.
Korea Herald
2 days ago
- Korea Herald
Death penalty for saying 'oppa'? N. Korea strengthens law to curb 'anti-socialist culture'
North Korea has strengthened its law to control foreign cultural influences by increasing the severity of criminal punishments against the spread of "anti-socialist culture," going so far as to impose the death penalty, the Ministry of Justice said Friday. According to the ministry, which recently analyzed North Korea's revised Criminal Act, North Korea expanded the scope of the death penalty to special criminal laws regarding drug crimes, reactionary ideology and culture, including from South Korea, dubbed Hallyu, or the Korean Wave. Seoul explained that North Korea's recent revision stemmed from the view that it perceives the influx of South Korean culture, like popular use of the term 'oppa,' as a possible threat to the regime. "Oppa" is a term used by South Korean women when they address not only an older male sibling, but also an older male who belongs to the same community or one's romantic partner. While North Korea restricts the usage of "oppa" to its original usage meaning older brother, a growing number of North Korean people in their 20s and 30s have started using "oppa" in the South Korean way, according to the Justice Ministry. The explanation was part of the government's comprehensive commentaries on North Korea's Criminal Act revisions in December 2023, analyzing all 329 articles of the law. While increasing the number of criminal offenses eligible for the death penalty from 11 to 16, North Korea removed articles that previously included references to national reunification to reflect the changed nature of inter-Korean relations as 'two hostile states.' Additional provisions have been introduced to strengthen the protection of national symbols by creating a new offense for damaging the national flag or emblem, according to the Justice Ministry. It claimed that the revised criminal law included articles reflecting sanctions imposed by the international community as well. 'We hope that the analysis will serve as a foundation for future research, which is aimed to effectively address the integration of South and North Korea's legal systems. The ministry will continue to make efforts to prepare for the unification of legal and institutional frameworks on the Korean Peninsula,' said the ministry. The ministry stated that it did not only make explanations to the legal elements outlined in each article of North Korean Criminal Act, but also created comparative legal studies with the criminal laws of South Korea, Russia, China and Vietnam.
