Main Menu
,

SK Telecom Malware Incident Targets USIM Customer Data

SK Telecom has disclosed a malware attack that exposed sensitive USIM data, prompting swift containment, investigation, and enhanced security measures for its 34 million subscribers.
Facebook Twitter Youtube Linkedin
SK Telecom Malware Incident Targets USIM Customer Data
Table of Contents
    Add a header to begin generating the table of contents

    SK Telecom, South Korea’s largest mobile carrier, has confirmed a data breach involving malware that compromised sensitive USIM-related information belonging to its customers. The breach was detected at 11 PM KST on Saturday, April 19, 2025—timed during the weekend when staffing levels are typically lower.

    The telecom giant holds 48.4% of the mobile service market in the country, with a subscriber base of around 34 million.

    Malware Identified and Containment Actions Taken

    According to the company’s official security notice, the malware was immediately deleted upon detection and the affected equipment was isolated.

    “Once we became aware of the possible leak, we immediately deleted the malware and isolated the equipment suspected of being hacked,” the company stated.

    SK Telecom also confirmed that, at this time, there is no evidence that the exposed information has been misused.

    Authorities Notified and Investigation Ongoing

    The breach was reported to South Korea’s Korea Internet & Security Agency (KISA) the day after detection. The country’s Personal Information Protection Commission was informed shortly after.

    An investigation is ongoing. SK Telecom has not yet disclosed the attack’s root cause, its scope, or how many customers were impacted.

    What USIM Data May Have Been Exposed

    Universal Subscriber Identity Module (USIM) data typically includes:

    • International Mobile Subscriber Identity (IMSI)
    • Mobile Station ISDN Number (MSISDN)
    • Authentication keys
    • Network usage history
    • Stored SMS or contact information (if applicable)

    Such data can be misused for SIM-swap fraud, tracking, and targeted surveillance.

    Mitigation Efforts and Customer Guidance

    As a precaution, SK Telecom has implemented several immediate security measures. These include strengthening detection and blocking mechanisms for SIM swaps and suspicious authentication activity. Accounts tied to abnormal behavior will be automatically suspended.

    Customers are urged to enroll in SK Telecom’s USIM protection service, which prevents unauthorized mobile number transfers to other SIM cards.

    As of now, no cybercriminal group has claimed responsibility for the attack.

    Trending
    The Second Scam: FBI Warns of IC3 Impersonators Targeting Fraud Victims
    Ad Fraud Operation ‘Scallywag’ Used WordPress Plugins to Generate 1.4 Billion Daily Ad Requests
    FBI Warns of IC3 Impersonation Scam Targeting Victims of Online Fraud
    Abilene, Texas Shuts Down City Systems Following Cyberattack
    Imaflex Inc. Data Breach Exposes Personal and Employment Data
    Google Confirms Sophisticated Phishing Attack Targeting Gmail Users Through DKIM and OAuth Abuse
    Evil Corp (UNC2165): The Russian Syndicate Behind Global Cyber Chaos
    This Week In Cybersecurity: March 3rd to 7th, 2025
    Ransomware Victims on Dark Web – 10th March, 2025
    Ransomware Victims on Dark Web – 04th March, 2025

    Daily Briefing Newsletter

    Subscribe to the Daily Security Review Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

    Related Posts
    Cookie-Bite Attack Uses Chrome Extension to Steal Microsoft Session Tokens and Bypass MFA

    Cookie-Bite Attack Uses Chrome Extension to Steal Microsoft Session Tokens and Bypass MFA

    Baltimore City Public Schools Data Breach Impacts 25,000 Individuals After Ransomware Attack

    Baltimore City Public Schools Data Breach Impacts 25,000 Individuals After Ransomware Attack

    Active! Mail Zero-Day RCE Vulnerability Exploited in Ongoing Attacks on Japanese Organizations

    Active! Mail Zero-Day RCE Vulnerability Exploited in Ongoing Attacks on Japanese Organizations

    The Second Scam: FBI Warns of IC3 Impersonators Targeting Fraud Victims

    Ad Fraud Operation 'Scallywag' Used WordPress Plugins to Generate 1.4 Billion Daily Ad Requests

    Ad Fraud Operation ‘Scallywag’ Used WordPress Plugins to Generate 1.4 Billion Daily Ad Requests

    FBI Warns of IC3 Impersonation Scam Targeting Victims of Online Fraud

    FBI Warns of IC3 Impersonation Scam Targeting Victims of Online Fraud