KT Security Scandal: How Concealed Malware Led to Massive Data Breach

A government investigation has exposed KT's shocking security failures. The company knew about malware infections for months but chose to hide them from authorities. Hackers exploited weak femtocell management to steal customer payment information and personal data. Now KT faces potential legal action and massive fines for obstructing justice and endangering customer security.

Key Points: KT Concealed Malware Infections Before Hacking and Data Theft

  • KT detected malware on 43 servers but concealed infections from authorities
  • Hackers exploited femtocell vulnerabilities to intercept payment data
  • Investigation team calls the concealment a matter of "grave concern" and is weighing legal action
  • 368 customers lost 240 million won through illegal micro base stations

Probe shows KT concealed malware infections, security failures leading to hacking breach

Government probe reveals KT hid BPFDoor malware infections on 43 servers, failed to report security breaches that exposed customer data to hackers.

Seoul, Nov 6

KT Corp., South Korea's second-largest mobile carrier, was found to have concealed critical malware infections and failed to report the security breaches that led to a recent hacking and data theft incident, a government-led investigation revealed on Thursday.

The joint government-private investigation team, which is examining KT's recent cyberattack linked to illegal micro base stations, said the company learned between March and July of 2024 that 43 of its servers had been infected with so-called BPFDoor malware and other malicious code, reports Yonhap news agency.

Despite detecting the infections, which exposed customer data, the company did not notify authorities and instead attempted to handle the issue internally, according to the team.

BPFDoor malware enables remote attackers to bypass firewalls and maintain long-term access to compromised systems. It was also used in a separate hacking case involving industry leader SK Telecom Co. reported earlier this year.

Investigators confirmed that the infected KT servers contained customers' personal information, including names, phone numbers and email addresses, as well as international mobile equipment identity (IMEI) data.

The team said it regards the concealment as being of "grave concern" and plans to work with relevant authorities to determine proper legal measures.

The probe also revealed serious vulnerabilities in KT's femtocell management, which allowed unauthorized devices to connect to the company's internal network.

A femtocell is a small, low-power cellular base station, typically designed for use in homes or small businesses.

"KT's femtocell management system was generally poor, creating an environment in which unauthorized femtocells could easily access the company's internal network," the team said.

The investigation concluded that hackers controlling illegal femtocells were able to disable end-to-end encryption, allowing the interception of users' payment authentication data.

The Ministry of Science and ICT said it will conduct a legal review to determine whether KT's actions were in breach of the law and constitute grounds for customer compensation.

The investigation was launched after 368 KT customers suffered financial losses totaling 240 million won ($167,000) in August through illegally operated micro base stations.

KT began offering free universal subscriber identity module (USIM) replacements to all customers on Wednesday to address growing data security concerns among users.

Officials added that KT has been referred to law enforcement authorities on suspicions of obstructing justice for allegedly providing false information and concealing evidence during the probe.

KT could also face a potential financial penalty from the Personal Information Protection Commission, similar to the one imposed on SK Telecom for its own hacking incident earlier this year. SK Telecom was fined 134.7 billion won by the commission for a similar data breach.

Following the government briefing, KT said in a statement it will take the investigation results "seriously" and apologised for the delay in reporting the data breach to the government.

- IANS

Reader Comments

Rohit P
This reminds me of the data breaches we've seen in India too. Companies need to be more responsible with customer data. The fine should be substantial enough to deter such behavior in future.

Sarah B
As a cybersecurity professional, I'm shocked they detected malware on 43 servers and didn't report it! This is exactly why we need stronger global data protection laws. The BPFDoor malware is particularly dangerous.

Arjun K
Free USIM replacement is good, but what about compensation for the financial losses? 368 customers lost real money because of their negligence. They need to do more than just apologize.

Michael C
While KT's actions are clearly wrong, I appreciate that the South Korean government is taking this seriously. Many countries would just sweep this under the rug. The investigation seems thorough.

Kavya N
This is why I'm always careful about what information I share with telecom companies. Personal data, IMEI numbers, payment authentication - it's too much sensitive information at risk. We need better protection laws in India too.