SK Telecom breach exposes years-long malware infiltration

By Yara Yang, May 20, 2025
  • Malware infiltrated SK Telecom’s systems in 2022 and remained hidden until April 2025
  • Operator rolls out advanced fraud detection and nationwide SIM replacement programme

What happened: SK Telecom outlines breach response and security upgrades

SK Telecom has revealed that a persistent and sophisticated malware strain infiltrated its internal systems in 2022—almost two years before its discovery in April 2025. The breach exposed sensitive personal and financial data belonging to potentially millions of users. The company’s latest technical report confirmed that the malware went unnoticed through multiple internal audits and cybersecurity scans.

Following the breach, the company identified and isolated 25 different malware strains across its infrastructure. It also quarantined 23 infected servers believed to be the source of the leak. While the company insists there is no current evidence of further unauthorised data transfers, it has taken pre-emptive measures to mitigate any potential risks. These measures include a temporary halt on all new subscriber sign-ups and a national SIM card replacement programme to reduce the chance of fraudulent access. The operator is also offering SIM protection services both domestically and abroad, ensuring returning travellers and overseas users are not left vulnerable.

In addition, SK Telecom has implemented a comprehensive upgrade to its fraud detection system. The newly deployed FDS 2.0 applies triple-factor authentication—validating the customer’s identity, the SIM card, and the connected device—before allowing access to services. The company confirmed this security layer is now fully active across its network.

Why it is important

The breach has triggered widespread concern across South Korea’s technology and security sectors. As the nation’s largest mobile operator, SK Telecom is deeply embedded in both consumer and enterprise communications. Its compromise suggests that even well-defended networks can be vulnerable to long-term, undetected intrusions.

The malware, reportedly identified as BPFdoor, is known for its stealth and ability to bypass traditional authentication systems. It has previously been linked to state-sponsored hacking groups such as Red Menshen, which some Korean media allege have ties to Chinese intelligence units. This type of malware was also used in attacks targeting US telecommunications firms in 2024, indicating a possible regional or geopolitical pattern.

Chey Tae-won, chairman of SK Group, directly addressed the public in early May. He issued a formal apology and stated that this incident should be considered “a matter of national defence”. His framing echoes broader fears that cyberattacks on telcos are not just criminal or financial in nature but represent strategic threats to national infrastructure.

As the investigation continues, experts expect increased cooperation between SK Telecom, the Korean government, and cybersecurity agencies. Regulatory reforms and stricter infrastructure security guidelines may follow. The breach has become a wake-up call not only for Korea but for other nations whose telco networks are potential targets for similar covert attacks.

Yara Yang

Yara Yang is a community engagement specialist of BTW Media and studied education at the University of York in the UK. Contact her at y.yang@btw.media.
