SK Telecom headquarters in Jung-gu, Seoul. /Courtesy of News1

Recently, the Ivanti VPN device that was suspected of having vulnerabilities in the SK Telecom hacking incident was found to have not been used by SK Telecom since early last month.

According to materials submitted to lawmaker Choi Min-hee of the National Assembly's Science, Technology, Information, Broadcasting and Communications Committee on the 8th from a public-private joint investigation team, it has been confirmed that SK Telecom turned off the Ivanti VPN device and replaced it with another device after using domestic product SecuWiz and Ivanti VPN equipment since early last month.

SK Telecom explained that it referred to the cyber security notice from the Korea Internet & Security Agency (KISA) to turn off and complete the replacement of the Ivanti VPN. Additionally, SK Shieldus warned of VPN vulnerabilities while releasing an analysis report on the Ivanti VPN in September last year. Lawmaker Choi Min-hee demanded a thorough investigation into the possibility of exposure to vulnerabilities during the use of the Ivanti VPN and whether security procedures were properly followed during the shutdown and replacement of the VPN.

Meanwhile, Naver and Kakao are using the Ivanti VPN, stating that they will immediately check and take action if vulnerabilities are disclosed. Kakao reported that it is enhancing the operation of the latest version patch and security monitoring, confirming that there are no communication records with the attacker's IP.

On the other hand, SK Telecom explained that the core servers related to the USIM are located at the Seong-su and Daejeon Data Centers, and that the two data centers operate in a complementary (backup) manner. It stated that subscriber authentication keys are stored in the Daejeon Data Center, Seoul Boramae Data Center, and Bundang Data Center, and if an issue arises in one data center, it will be supplemented by the other two data centers.