The joint investigation team of the public and private sectors investigating the SK Telecom server hacking incident is currently analyzing the influx time, route, and location of eight types of malware recently disclosed. The investigation is focused on whether the malware confirmed this time is found on the same home subscriber server (HSS) as the code discovered during the initial hacking or on separate equipment.
According to the industry on the 6th, SK Telecom first detected signs of data leakage on the 18th of last month and subsequently confirmed the presence of malware and deletion traces on the charging analysis equipment and home subscriber server (HSS). The Korea Internet & Security Agency (KISA) announced on the 3rd that it had discovered cases of attacks targeting Linux systems and disclosed an additional eight types of malware.
The joint investigation team is conducting a digital forensics investigation into the discovery location, generation time, and influx route of the malware but noted that specific results have yet to be confirmed. Some in the security industry have raised the possibility that the attack may have targeted vulnerabilities in Ivanti (VPN equipment manufacturer), but it has not been confirmed what VPN equipment SK Telecom's Linux-based servers are actually using.
The Ministry of Science and ICT initiated a security inspection targeting the three major telecommunication companies and key platform companies such as Naver, Kakao, Coupang, and Woowa Brothers on the 3rd, directing platform companies to conduct their own inspections of the malware used in the hacking. The goal is to check for security vulnerabilities in the VPN equipment used by these platform companies.
The Ministry of Science and ICT explained that this incident has serious implications for the security and safety of the national network as a whole, prompting proactive measures. The joint investigation team reported that there have been no reports of damage related to the malware in the platform industry so far.
Meanwhile, on the 5th, the day SK Telecom halted new subscriptions and number transfers at 2,600 T-World stores nationwide, a total of 13,745 customers moved to other telecommunications companies. Of these, 7,087 transferred to KT, and 6,658 to LG Uplus, indicating that the scale of customer loss has decreased compared to before due to the holiday and the automatic enrollment in the SIM protection service.