The recent SK Telecom breach is a 3-year-long cybersecurity issue

May 23, 2025
Tags: SK Telecom, Data Breach, South Korea, Malware

The cybersecurity incident disclosed by SK Telecom last month has allegedly been a long-running issue. Reports indicate that investigators have traced the start of the attack back to 2022.

This incident purportedly exposed sensitive data related to about 27 million mobile subscribers.

The company stated that it promptly isolated the hardware it believed had been compromised. The breach allowed threat actors to access several categories of data, including IMSI numbers, USIM authentication keys, network usage records, and SMS and contact data stored on SIM cards.

Due to the risk of SIM-swapping attacks, SK Telecom launched a company-wide SIM card replacement initiative and implemented stronger safeguards against unauthorised number porting.

On May 8, 2025, a government-led investigative committee confirmed that 25 data types had been affected by the malware. Following this revelation, SK Telecom temporarily halted new subscriber registrations to concentrate on managing the breach's aftermath.

In an update on May 21, 2025, the telco announced that 95 million affected customers would soon receive formal notifications about the compromise of their data.


Linux servers are the entry point for the SK Telecom data breach.


On June 15, 2022, a joint investigative task force examined 30,000 Linux servers owned by SK Telecom. The assessment identified a web shell infection as the initial point of intrusion.

The malware evaded detection for almost three years, during which the attackers deployed various payloads across the compromised servers.

The investigation found that 15 of 23 infected servers held personal subscriber data, including 291,831 IMEI numbers.

However, the telco denied these findings in its latest public statement. The investigation also revealed that SK Telecom only began recording activity on the affected servers on December 3, 2024, indicating that any data exfiltration between June 2022 and that date likely went unnoticed.

In the aftermath, SK Telecom has continued to support affected users by providing replacement SIM cards and implementing automated security improvements to prevent further exploitation.

The company also reported successfully mitigating malicious activities aimed at subscriber accounts.
