@securityonline.info
SK Telecom, South Korea's largest mobile network operator, revealed a significant data breach in April 2025 that exposed the USIM data of 27 million subscribers. The company first detected malware on its networks on April 19, 2025, and responded by isolating the compromised servers. Investigations have since revealed that the breach began as far back as June 15, 2022, when attackers deployed a web shell on one of SK Telecom's servers. This initial compromise gave them a foothold in the network, allowing them to execute commands and deploy additional malware payloads across multiple servers.
The attackers were able to steal a wide array of sensitive information, including users' IMSI numbers, USIM authentication keys, network usage data, text messages, and contacts stored on SIM cards. A joint investigative committee comprising the South Korean government and SK Telecom discovered 25 separate backdoor programs on the company's servers. Because the breach went undetected for nearly three years, the intruders were able to implant backdoors tailored to different malicious functions. SK Telecom only began logging server activity on December 31, 2024, leaving a data void between June 15, 2022, and December 31, 2024, which makes it difficult to ascertain what data was exfiltrated or what malicious operations were executed during that time. The breach has affected an estimated 26.95 million SK Telecom users, prompting the company to take immediate action. SK Telecom has suspended the onboarding of new customers and announced it will begin notifying all affected individuals to replace their SIM cards and adopt enhanced security measures. To mitigate the risk of SIM-swapping attacks, SK Telecom announced it would issue replacement SIM cards to all affected customers, while also implementing stricter safeguards to prevent unauthorized number transfers. The company also confirmed that USIM records for its entire subscriber base of 29 million people were exposed.
@cyberinsider.com
A security flaw has been discovered in O2 UK's implementation of VoLTE and WiFi Calling technologies, potentially exposing the general location and other identifiers of mobile users. Researchers from Beijing University of Posts and Telecommunications and the University of Birmingham identified a critical vulnerability in the EEA2 encryption algorithm. This flaw allowed attackers to intercept and decrypt voice call data, accessing sensitive information such as call metadata, including call times, duration, and direction of calls. This discovery highlights the urgent need for improved security measures within telecommunications networks.
The vulnerability stemmed from the non-encrypted MAC sub-header at the mobile relay, which revealed the Logical Channel ID (LCID) of the sub-PDU (Protocol Data Unit). This information enabled the researchers to target VoLTE traffic directly. Researcher Daniel Williams also found that the flaw had likely existed on O2 UK's network since February 2023. The flaw could allow anyone to expose the general location of a person and other identifiers simply by calling the target; theoretically, in some cases, this could be accurate to within 100 square meters. O2 UK, now part of Virgin Media O2 (VMO2), has since patched the bug following the discovery and public disclosure of the vulnerability. A VMO2 spokesperson stated that their engineering teams had been working on and testing a fix for a number of weeks and that the fix is now fully implemented. The company has also contacted the researcher Daniel Williams to thank him for his work. This incident underscores the importance of regular security assessments and prompt patching to protect user privacy in modern telecommunications systems.
Pierluigi Paganini@Data Breach
SK Telecom, South Korea’s largest mobile carrier, has suffered a significant cyberattack resulting in a USIM data breach affecting approximately 23 to 25 million subscribers. The breach was triggered by a malware infection that exposed sensitive information tied to users’ Universal Subscriber Identity Modules (USIMs), including mobile phone numbers and IMEI numbers. This incident has raised alarms across the telecommunications industry, prompting a reassessment of cybersecurity practices and highlighting vulnerabilities within SK Telecom's network.
To address the fallout from the breach, SK Telecom is offering free SIM card replacements to its affected customers. While the company serves roughly half of the domestic mobile phone market, only 6 million replacement SIM cards are initially available through May. This initiative aims to mitigate the risks of identity theft and SIM swap attacks, which could exploit the compromised USIM data. Additionally, SK Telecom is working to restore customer trust by increasing checks on SIM card replacement activities and monitoring authentication processes for suspicious behavior. The cyberattack has had a substantial impact on SK Telecom's market position and financial standing. An estimated $643 million in market capitalization has been lost, accompanied by a potential exodus of subscribers seeking more secure alternatives. The South Korean Ministry of Science and ICT and the Korea Internet & Security Agency (KISA) have launched an on-site investigation at SK Telecom's headquarters, adding further pressure on the company to effectively manage the breach's consequences.
@www.ic3.gov
The FBI has issued a public appeal for information regarding a widespread cyber campaign targeting US telecommunications infrastructure. The activity, attributed to a hacking group affiliated with the People's Republic of China and tracked as 'Salt Typhoon,' has resulted in the compromise of multiple U.S. telecommunications companies and others worldwide. The breaches, which have been ongoing for at least two years, have led to the theft of call data logs, a limited number of private communications, and the copying of select information subject to court-ordered U.S. law enforcement requests. The FBI is seeking information about the individuals who comprise Salt Typhoon and any details related to their malicious cyber activity.
The FBI, through its Internet Crime Complaint Center (IC3), is urging anyone with information about Salt Typhoon to come forward. The agency's investigation has uncovered a broad and sophisticated cyber operation that exploited access to telecommunications networks to target victims on a global scale. In October, the FBI and CISA confirmed that Chinese state hackers had breached multiple telecom providers, including major companies like AT&T, Verizon, Lumen, Charter Communications, Consolidated Communications, and Windstream, as well as dozens of other telecom companies in numerous countries. In an effort to incentivize informants, the U.S. Department of State's Rewards for Justice (RFJ) program is offering a reward of up to US$10 million for information about foreign government-linked individuals participating in malicious cyber activities against US critical infrastructure. The FBI is accepting tips via Tor, likely in an attempt to attract potential informants based in China. The agency has also released public statements and guidance on Salt Typhoon activity in collaboration with U.S. government partners, including the publication of 'Enhanced Visibility and Hardening Guidance for Communications Infrastructure.' Salt Typhoon is also known by other names, such as RedMike, Ghost Emperor, FamousSparrow, Earth Estries, and UNC2286.
Pierluigi Paganini@Data Breach
SK Telecom, a major mobile network operator in South Korea, is grappling with the aftermath of a significant cyberattack that compromised the USIM data of approximately 23 million subscribers. The breach, discovered on April 19th, involved malware infiltration that allowed attackers to steal sensitive customer information, including mobile phone numbers and device identification numbers (IMEI). This stolen data poses significant risks to affected users, including potential identity theft and SIM swap attacks, where criminals can hijack a victim's phone number to gain access to personal and financial accounts.
In response to the widespread data breach, SK Telecom has announced a program to provide free SIM card replacements to all 25 million of its mobile customers. This initiative aims to mitigate the risk of SIM swapping and other fraudulent activities by replacing compromised SIM cards with secure ones. However, the company faces logistical challenges, with only 6 million SIM cards available for immediate replacement through May. This shortage raises concerns about the timeline for fully addressing the vulnerability and protecting all affected subscribers. The cyberattack has had a substantial impact on SK Telecom, leading to customer anxiety, a loss in market capitalization estimated at $643 million, and potential subscriber attrition. The South Korean Ministry of Science and ICT and the Korea Internet & Security Agency (KISA) have launched an on-site investigation at SK Telecom's headquarters, signaling the seriousness of the breach and the regulatory scrutiny the company now faces. While SK Telecom is implementing measures to restore customer trust, the incident serves as a wake-up call for the telecommunications industry, highlighting the need for robust cybersecurity practices and proactive security measures.