Photo courtesy of Yonhap News
[Alpha Biz= Kim Jisun] SEOUL, November 6 (local time) — South Korea’s KT Corp. failed to report a major malware infection that struck its internal servers in 2024, according to findings by a joint government–private investigation taskforce announced on Wednesday. The probe revealed that some of the infected servers contained personal data of subscribers, including names, phone numbers, and device identifiers.
The investigation, jointly conducted by the Ministry of Science and ICT and the National Intelligence Service (NIS), found that KT discovered the infections—caused by “BPFdoor” and “web-shell” backdoor malware—between April and July 2024 but did not report the incident to authorities, as required by South Korea’s Information and Communications Network Act. The violation is subject to an administrative fine of up to ₩30 million (≈ US $22,000).
According to the taskforce, KT internally removed the malware by executing custom cleanup scripts rather than disclosing the breach.
“Evidence showed traces of BPFdoor had been wiped, which is why it was not detected during the nationwide inspection conducted after the SK Telecom hacking incident,” said Choi Woo-hyuk, Director of Network Policy at the Ministry of Science and ICT.
“However, digital forensics confirmed antivirus-related activities on 43 servers, suggesting KT was aware of and attempted to handle the infection internally.”
The government is conducting further forensic analysis to determine the full scope and impact of the intrusion, including potential data leakage. KT has acknowledged that subscriber information—including names, phone numbers, email addresses, and IMEI identifiers—was stored on some of the compromised servers.
The BPFdoor malware, a Linux-based backdoor, can remain dormant until activated by a “magic packet” from external attackers. The same exploit technique was reportedly used in a SIM-data breach at SK Telecom in April 2024, although investigators have yet to confirm whether the two incidents were carried out by the same threat actor.
Separately, the taskforce attributed the unauthorized micropayment hacking incidents linked to illegal femtocell (micro-base-station) devices to KT’s poor internal-network access controls and oversight failures in its femtocell operations.
Alphabiz Reporter Kim Jisun (stockmk2020@alphabiz.co.kr)















































