SK Telecom Discloses Malware Breach Started in 2022

South Korean mobile network operator SK Telecom revealed that the security breach disclosed in April actually began in 2022. SK Telecom is the country’s largest wireless telecom company, holding about 48% of the mobile services market with around 34 million subscribers. Besides cellular services, it offers 5G development, AI services, IoT solutions, cloud computing, and smart city infrastructure. It is part of SK Group, one of South Korea’s largest conglomerates active in sectors such as energy, semiconductors, and chemicals.

In April 2025, SK Telecom reported that threat actors had accessed customers’ USIM-related information following a malware attack. The Universal Subscriber Identity Module (USIM) is a smart card that securely stores subscriber information, including the International Mobile Subscriber Identity (IMSI) and cryptographic keys.

The company detected the malware infection at 11 PM on Saturday, April 19, 2025. SK Telecom promptly reported the breach to the Korea Internet & Security Agency (KISA) on April 20, sanitized the impacted systems, and isolated the suspected hacking device. No cases of misuse of the information have been confirmed so far. 

To strengthen security, SK Telecom blocked illegal SIM card changes and abnormal authentication attempts. It also offers affected customers a free subscription to its ‘SIM protection service.’ 

The breach exposed USIM data of 27 million users. To prevent SIM-swapping attacks, the company is replacing all SIM cards and enhancing security to block unauthorized number porting. 

On May 8, 2025, the Personal Information Protection Committee confirmed that malware compromised 25 types of data in the breach. SK Telecom was instructed to notify all 25.64 million affected users, including budget phone customers, by May 9. The leaked data includes phone numbers, IMSIs, SIM keys, and other SIM-related information stored in the Home Subscriber Server (HSS). 

The Committee emphasized that the leaked information is highly sensitive personal data essential for identifying and connecting individuals in the mobile era, requiring special attention. 

SK Telecom announced it will notify 26.95 million users affected by the malware breach, which involved 25 types of malware across 23 servers. This revealed a more extensive attack than initially expected. 

The company stated, “We have isolated 25 types of malware on 23 infected servers. There has been no confirmation of leakage of 290,000 IMEIs, terminal cloning is virtually impossible, and the network is blocked through Fraud Detection Systems (FDS).” 

A joint investigation revealed the initial infection occurred on June 15, 2022, and remained undetected for nearly three years. 

According to KBS, “The first malware infiltration was a ‘web shell’ series code that took over the server. This web shell enabled hard-to-detect backdoor malware known as BPF door series. In total, 25 types of malware were found in SK Telecom’s internal system after inspecting 30,000 Linux servers four times, with 23 servers infected.”

SK Telecom assures customers that illegal USIM and device changes are fully blocked and pledges full responsibility should any damage occur. 
