In a significant breach of cybersecurity, SK Telecom suffered a malware attack that persisted undetected for nearly three years, exposing approximately 27 million SIM records. The compromised records included sensitive information such as IMSI numbers, USIM authentication keys, network usage data, and stored SMS and contacts. The attack has raised serious concerns regarding cybersecurity vulnerabilities within the organization.
Technical investigations have revealed that the breach involved 25 different types of malware: 24 variants belonging to the BPFDoor family and one web shell used for initial access. The earliest signs of compromise can be traced back to June 15, 2022, yet the breach was not officially reported to the Korea Internet & Security Agency (KISA) until April 22, 2025. At least 23 internal servers were infected, but only 15 of these have been fully analyzed as part of the forensic investigation, leaving eight others still under scrutiny.
The attackers are suspected to be part of a highly skilled group, possibly state-sponsored, considering the sophisticated nature of the malware used. The exploitation of zero-day vulnerabilities likely contributed to the attack's prolonged stealth and effectiveness. Importantly, no demands were made and no ransom was sought, leaving the motive unclear. Speculation has emerged regarding possible involvement by adversarial foreign entities, such as a Chinese group or North Korea.
In light of the incident, SK Telecom has temporarily halted new subscriber sign-ups to mitigate further exposure and has initiated a nationwide SIM replacement program. The company has also pledged to improve its cybersecurity infrastructure, although it had previously asserted that its security measures were world-class. This breach highlights the vulnerabilities within tech infrastructure and has far-reaching implications for the entire telecom industry.
The breach also involved a dataset of 26.9 million subscriber SIM records, which further underscores the scale of the data exposure. It has stirred a significant regulatory response, with the Personal Information Protection Commission scrutinizing SK Telecom's practices. As the situation continues to unfold, the South Korean police are leading the investigation, with international cooperation expected to address the complexities of the attack and its aftermath.