
On April 4, the Ministry of Science and ICT announced the findings of the joint investigation team (hereinafter referred to as 'the investigation team') on the SK Telecom incident, along with its review of the penalty waiver provisions in the SK Telecom terms of service. As for the scale of the damage, it concluded that 33 types of malware had been discovered on a total of 28 servers. Regarding the penalty issue, which is a national concern, the government expressed its position that waiving the penalty when a subscriber cancels is justified.

◇ 33 types of malware discovered... No indications of device identification number leaks

According to the Ministry of Science and ICT on the 4th, the investigation team conducted a thorough investigation of 42,605 servers and confirmed 33 types of malware, including BPFDoor, TinyShell, and web shells. The leaked information includes SIM card information, phone numbers, and International Mobile Subscriber Identity (IMSI) numbers, amounting to approximately 9.82 GB, or around 26.96 million records counted by IMSI. The investigation found that important information such as International Mobile Equipment Identity (IMEI) numbers and Call Detail Records (CDR) was stored in plaintext on infected servers, but a detailed analysis confirmed there was no leakage of this information. However, it was noted that SIM card information was leaked from the Home Subscriber Server (HSS) management server on April 18 and was transmitted through external servers.


The investigation team concluded that during the initial infiltration (from August 2021), attackers accessed servers in the system management network, installed malware, and then infiltrated the HSS management server and core network. Subsequently, the attackers accessed servers in the customer management network and installed additional malware. For the information leakage incident (April 18, 2025), the team concluded that after securing account information, the attackers installed additional malware on several servers and leaked SIM card information externally.

The Ministry of Science and ICT stated that it had discovered problems in SK Telecom's information security system, including inadequate management of account information, insufficient response to past incidents, and inadequate encryption of important information. In particular, it highlighted the inadequate management of account information and the insufficient response to past incidents as significant issues. It indicated that SK Telecom showed weaknesses in security management, such as storing passwords in plaintext.

As preventive measures, the ministry proposed restrictions on recording and storing passwords, along with the introduction of systems to encrypt and securely store them and of multi-factor authentication. Measures to ensure compliance with incident reporting obligations and to strengthen information encryption were also prepared.

The Ministry of Science and ICT plans to receive an implementation plan from SK Telecom by July regarding the preventive measures and will check compliance. Depending on the inspection results, necessary corrective measures will be ordered, with plans to strengthen information security and prepare response measures for cyber threats.

◇ Government: “Conclusion on penalty waiver for SK Telecom subscribers even if they cancel”

The Ministry of Science and ICT sought legal advice on whether the penalty waiver provisions apply to this incident. The investigation confirmed SK Telecom's negligence, and the leakage of SIM card information was deemed a violation of major obligations regarding telecommunication services, leading to the conclusion that the penalty waiver provisions can be applied. However, this interpretation is limited to this incident and does not apply to all cyber incidents.

The Ministry of Science and ICT noted, "This SK Telecom incident serves as a wake-up call for not only the domestic telecommunications industry but also the overall information security of network infrastructure, and SK Telecom must thoroughly address the vulnerabilities identified due to this incident and prioritize information security in corporate management moving forward." Additionally, it stated, "In the upcoming AI era, cyber threats are expected to become more sophisticated as they integrate with AI, so the government will overhaul the entire security system from cyber threat prevention to incident response."

This announcement is expected to raise significant awareness regarding the strengthening of cybersecurity not only for SK Telecom but also for all domestic telecommunications companies and corporations.
