Probe shows KT concealed malware infections, security failures leading to hacking breach
By IANS | Updated: November 6, 2025 15:10 IST
Seoul, Nov 6: KT Corp., South Korea's second-largest mobile carrier, was found to have concealed critical malware infections and failed to report the security breaches that led to a recent hacking and data theft incident, a government-led investigation revealed on Thursday.
The joint government-private investigation team, which is examining KT's recent cyberattack linked to illegal micro base stations, said the company learned between March and July of 2024 that 43 of its servers had been infected with so-called BPFDoor malware and other malicious code, reports Yonhap news agency.
Despite detecting the infections, which exposed customer data, the company did not notify authorities and instead attempted to handle the issue internally, according to the team.
BPFDoor malware enables remote attackers to bypass firewalls and maintain long-term access to compromised systems. It was also used in a separate hacking case involving industry leader SK Telecom Co. reported earlier this year.
Investigators confirmed that the infected KT servers contained customers' personal information, including names, phone numbers and email addresses, as well as international mobile equipment identity (IMEI) data.
The team said it regards the concealment as being of "grave concern" and plans to work with relevant authorities to determine proper legal measures.
The probe also revealed serious vulnerabilities in KT's femtocell management, which allowed unauthorized devices to connect to the company's internal network.
A femtocell is a small, low-power cellular base station, typically designed for use in homes or small businesses.
"KT's femtocell management system was generally poor, creating an environment in which unauthorized femtocells could easily access the company's internal network," the team said.
The investigation concluded that hackers controlling illegal femtocells were able to disable end-to-end encryption, allowing the interception of users' payment authentication data.
The Ministry of Science and ICT said it will conduct a legal review to determine whether KT's actions were in breach of the law and constitute grounds for customer compensation.
The investigation was launched after 368 KT customers suffered financial losses totaling 240 million won ($167,000) in August through illegally operated micro base stations.
KT began offering free universal subscriber identity module (USIM) replacements to all customers Wednesday to address growing data security concerns among users.
Officials added that KT has been referred to law enforcement authorities on suspicions of obstructing justice for allegedly providing false information and concealing evidence during the probe.
KT could also face a potential financial penalty from the Personal Information Protection Commission, similar to the one imposed on SK Telecom for its own hacking incident earlier this year. SK Telecom was fined 134.7 billion won by the commission for a similar data breach.
Following the government briefing, KT said in a statement it will take the investigation results "seriously" and apologised for the delay in reporting the data breach to the government.
Disclaimer: This post has been auto-published from an agency feed without any modifications to the text and has not been reviewed by an editor