News from the AI & ML world
DeeperML
@securityonline.info
//
SK Telecom, South Korea's largest mobile network operator, revealed a significant data breach in April 2025 that exposed the USIM data of 27 million subscribers. The company first detected malware on its networks on April 19, 2025, and responded by isolating the compromised servers. Investigations have since revealed the breach began as far back as June 15, 2022, with attackers deploying a web shell on one of SK Telecom's servers. This initial compromise provided a foothold in the network allowing them to execute commands and deploy additional malware payloads across multiple servers.
The attackers were able to steal a wide array of sensitive information, including users’ IMSI numbers, USIM authentication keys, network usage data, text messages, and contacts stored on SIM cards. A joint investigative committee comprising the South Korean government and SK Telecom discovered 25 separate backdoor programs on the company’s servers. Due to the undetected nature of the breach for nearly three years, the intruders were able to implant backdoors tailored to different malicious functions. SK Telecom only began logging server activity on December 31, 2024, creating a data void between June 15, 2022, and December 31, 2024, making it difficult to ascertain what data was exfiltrated or what malicious operations were executed during that time.
The breach has affected an estimated 26.95 million SK Telecom users, prompting the company to take immediate action. SK Telecom has suspended the onboarding of new customers and announced it will begin notifying all affected individuals to replace their SIM cards and adopt enhanced security measures. To mitigate the risks associated with SIM-swapping attacks, SK Telecom announced it would issue replacement SIM cards to all affected customers, while also implementing stricter safeguards to prevent unauthorized number transfers. The company also confirmed that USIM records for its entire subscriber base of 29 million people were exposed.
ImgSrc: securityonline.
References :
The attackers were able to steal a wide array of sensitive information, including users’ IMSI numbers, USIM authentication keys, network usage data, text messages, and contacts stored on SIM cards. A joint investigative committee comprising the South Korean government and SK Telecom discovered 25 separate backdoor programs on the company’s servers. Due to the undetected nature of the breach for nearly three years, the intruders were able to implant backdoors tailored to different malicious functions. SK Telecom only began logging server activity on December 31, 2024, creating a data void between June 15, 2022, and December 31, 2024, making it difficult to ascertain what data was exfiltrated or what malicious operations were executed during that time.
The breach has affected an estimated 26.95 million SK Telecom users, prompting the company to take immediate action. SK Telecom has suspended the onboarding of new customers and announced it will begin notifying all affected individuals to replace their SIM cards and adopt enhanced security measures. To mitigate the risks associated with SIM-swapping attacks, SK Telecom announced it would issue replacement SIM cards to all affected customers, while also implementing stricter safeguards to prevent unauthorized number transfers. The company also confirmed that USIM records for its entire subscriber base of 29 million people were exposed.
ImgSrc: securityonline.
Share:
References :
- securityonline.info: Three-Year Intrusion: SK Telecom Breach Exposes 27 Million User Records
- The DefendOps Diaries: Understanding the SK Telecom Data Breach: Lessons and Future Preparations
- BleepingComputer: SK Telecom says malware breach lasted 3 years, impacted 27 million numbers
- cyberinsider.com: SK Telecom Confirms 29 Million Customers Exposed
- securityaffairs.com: Ransomware campaign
Classification:
- HashTags: #DataBreach #TelecomSecurity #SKTelecom
- Company: SK Telecom
- Target: SK Telecom subscribers
- Product: Telecom Services
- Feature: Data Breach
- Type: DataBreach
- Severity: Disaster