KT's Concealed Malware Breach Costs Telecom Giant 90% Profit Drop
TL;DR
KT Corp. Concealed Malware Infections and Security Failures
KT Corp., South Korea's second-largest mobile carrier, concealed critical malware infections and failed to report security breaches, leading to a hacking and data theft incident. A government-led investigation revealed these findings according to Yonhap News Agency. The joint government-private investigation team discovered that 43 of KT's servers were infected with BPFDoor malware and other malicious code between March and July 2024.
Despite detecting these infections, KT did not notify authorities, attempting to resolve the issue internally as reported by MK.
BPFDoor Malware and Data Exposure
The BPFDoor malware allows remote attackers to bypass firewalls and maintain long-term access to compromised systems. This malware was also used in a separate hacking case involving industry leader SK Telecom Co. according to the investigation. The infected KT servers contained customers' personal information, including names, phone numbers, email addresses, and international mobile equipment identity (IMEI) data. The investigation team considers the concealment a grave concern and plans to collaborate with authorities to determine legal measures as stated by Yonhap News Agency.
Vulnerabilities in Femtocell Management
The investigation revealed serious vulnerabilities in KT's femtocell management, allowing unauthorized devices to connect to the company's internal network reported by The Korea Herald. A femtocell is a small, low-power cellular base station typically used in homes or small businesses.
KT's femtocell management system was generally poor, creating an environment in which unauthorized femtocells could easily access the company's internal network according to the investigation team. Hackers controlling illegal femtocells could disable end-to-end encryption, intercepting users' payment authentication data. The Ministry of Science and ICT will conduct a legal review to determine if KT's actions breached the law and warrant customer compensation.
Financial Losses and Remedial Actions
In August, 368 KT customers suffered financial losses totaling 240 million won (US$167,000) through illegally operated micro base stations according to Yonhap News Agency. KT began offering free universal subscriber identity module (USIM) replacements to address growing data security concerns among users as a response to the breaches.
SK Telecom's Data Breach Impact
SK Telecom, another major mobile carrier in South Korea, faced a 90% drop in operating profit due to recovery costs and losses tied to a data breach earlier in the year reported by The Record. The company posted an operating profit of 48.4 billion won ($34.1 million), down from 493 billion won a year earlier according to its earnings report.
The breach exposed the personal data of about 27 million customers. Attackers infiltrated SK Telecom's network in 2022 using 25 types of malware that went undetected for nearly three years according to the report. The stolen data included subscriber identity numbers, authentication keys, network activity logs, and SIM-stored text messages. Regulators imposed a record 134 billion won ($96.5 million) fine and ordered SK Telecom to overhaul its cybersecurity systems as reported by Reuters.
Coupang Blacklist Allegations
Coupang, faced allegations of maintaining a blacklist of union leaders and journalists critical of the company and retaliating against a whistleblower Business & Human Rights Resource Centre. A Coupang worker reported to the media that Coupang was managing a blacklist containing the names of 16,450 individuals, including trade union leaders and journalists critical of the company according to a report.
Automate Your Cybersecurity Marketing with https://gracker.ai
These incidents highlight the critical need for robust cybersecurity measures and proactive marketing strategies to maintain customer trust. At https://gracker.ai, we understand the challenges of staying ahead in the cybersecurity landscape. That's why we've developed a suite of AI-powered tools designed to automate your cybersecurity marketing efforts. From daily news updates and SEO-optimized blogs to AI copilot assistance and newsletters, https://gracker.ai helps you stay informed, engage your audience, and build a stronger brand.
Ready to transform your cybersecurity marketing? Start your FREE trial today! GrackerAI automates your cybersecurity marketing: daily news, SEO-optimized blogs, AI copilot, newsletters & more.
