
Latest news with #LimJong-in

Who hacked S. Korea's largest telecom, and why? Growing concerns the SKT data breach wasn't just about money

Korea Herald

21-05-2025


Some suspect a sophisticated Chinese hacking group may be behind the attack, raising potential alarms over cyber security

Nearly three years before South Korea's largest telecom provider knew anything was wrong, hackers had already broken into SK Telecom's internal systems. This detail emerged from a briefing this Monday by the government's public-private joint investigation team, which is probing one of the country's most serious cybersecurity breaches in recent memory.

The attackers first embedded malware on June 15, 2022, according to the investigation. That software remained hidden until last month, when over 9 gigabytes of sensitive SIM-related data tied to approximately 25 million subscribers, including customers of SKT's budget MVNO carriers, was suddenly exfiltrated. Among the leaked data were 21 types of subscriber-related information, including identification numbers and SIM authentication credentials.

What hasn't been confirmed, however, is whether call records or other highly sensitive personal communications data were taken. SK Telecom has said its call detail records (CDRs) are encrypted, but encryption alone may not be enough, warns Professor Kim Seung-joo of Korea University's Graduate School of Information Security. 'Even encrypted data is vulnerable if the keys aren't securely managed,' he said in a separate media interview on Tuesday. 'The same thing happened to nine US telecoms last year.'

CDRs are highly valuable in state-backed cyber operations. Unlike credit card data, they reveal patterns of communication and movement, making them ideal for tracking public officials and institutions, he explained.

The malware discovered on SK Telecom's servers included BPFdoor, a backdoor tool also used by Salt Typhoon, the Chinese-linked group behind the attacks on AT&T, Verizon and T-Mobile. South Korean investigators have not confirmed the attribution, but suspicion is growing.

Professor Lim Jong-in, a cyber defense expert at Korea University, told local radio on Wednesday morning that he suspects the Chinese hacking group Red Mansion may be behind the intrusion. They are known for APT-style cyberattacks -- operations that are typically slow-moving, well-funded and thus conducted by nation-state actors rather than ordinary cybercriminals. APT stands for Advanced Persistent Threat.

'Their yearslong persistence and stealth tell you this wasn't just about stealing data for profit,' said Professor Yum Heung-yeol, another cybersecurity scholar at Soonchunhyang University, according to a local media report on Wednesday. 'To compromise a core telecom operator without any spies or insider cooperation is not something amateur hackers can do.'

So far, no customers have reported cloned phones, suspicious charges or extortion attempts. That silence and the long-term nature of the breach, the experts have all said, make financial motives unlikely.

'We are looking into multiple possibilities, including whether the attack was to steal data or to establish long-term access to deeper systems,' said Ryu Jae-myeong, director-general of network policy at the ICT Ministry involved in the joint investigation team.

Concerns raised over potential data leak to China via BYD cars in S. Korea

Korea Herald

11-02-2025

  • Automotive

With the recent entry by China's BYD Co. into South Korea's passenger electric vehicle market, concerns have been raised over potential personal data leaks to China through the vehicles manufactured by the company, industry observers said Tuesday.

The security risks of private data leaks to China emerged following BYD's official entry into the South Korean passenger vehicle market last month. BYD's first model launched here, the Atto 3, is equipped with connected car features, such as over-the-air software update capability and navigation features, through which sensitive driver data could be transferred to China, according to the market watchers.

"BYD must disclose exactly what types of data are collected and how they are processed," said Yom Heung-yeol, professor emeritus of cybersecurity at Soonchunhyang University. He stressed that an "opt-out mechanism," allowing consumers to reject the collection of personal data if they choose, was necessary.

BYD Korea has addressed data protection concerns, stating, "We fully understand Korean customers' concerns regarding personal data security and strictly comply with the Personal Information Protection Act." It said that data collected in South Korea is managed locally and not shared with BYD headquarters in China.

The company has also stated that it has no plans to integrate DeepSeek, China's generative artificial intelligence service, into its vehicles. Chinese EV manufacturer Geely recently announced a plan to incorporate DeepSeek's AI model into its vehicles. The recent launch of DeepSeek has raised concerns over potential data leaks globally, having prompted South Korean government agencies and private companies to ban the use of its service at work.

Despite BYD's assurances, concerns persist regarding the storage of Korean user data on Tencent Cloud servers, which belong to a Chinese IT company. Although managed within South Korea, the storage of Korean user data on a China-affiliated server has sparked unease among experts.

Lim Jong-in, professor emeritus at Korea University's graduate school of information security, said the government must conduct rigorous inspections of BYD vehicles not only in terms of performance but also from a cybersecurity standpoint. "Like Huawei in the past, there is a possibility of backdoor access vulnerabilities that allow third parties to bypass security protections and access data," Lim said. (Yonhap)
