[Security Issue] SKT Hack Exposes One-Third of South Koreans to Risk


Massive SKT Hack Becomes National Crisis

A massive cyberattack has struck SK Telecom, South Korea’s largest mobile carrier, escalating into a national crisis that affects approximately 23 million subscribers. The breach, which occurred on April 18, 2025, goes far beyond a typical corporate data leak—it involved the theft of USIM data, which functions as a digital identity card for nearly a third of the population.

The compromised information includes USIM keys, International Mobile Subscriber Identity (IMSI) numbers, device identifiers (IMEI), and mobile phone numbers—all of which are tightly linked to individuals’ digital lives. These details can be exploited for USIM cloning, unauthorized communications, and financial fraud, posing a serious national security threat.

The incident exposes a critical weakness in the country’s communications infrastructure and underscores how fragile digital foundations can be in the face of sophisticated cyber threats.


SK Telecom Hack Exploited Weekend Timing and VPN Vulnerabilities

The cyberattack on SK Telecom occurred during the late-night hours of Saturday, April 18, 2025—a time when security monitoring tends to be less vigilant. Investigators believe the attackers strategically timed the breach to coincide with this window of reduced oversight. By the time the company’s security team detected the anomaly—on the night of April 19—data linked to nearly 23 million subscribers’ USIMs had reportedly already been compromised.

The attackers specifically targeted SK Telecom’s Home Subscriber Server (HSS)—a core component of the mobile authentication infrastructure. The HSS plays a critical role in verifying user identities and enabling mobile services, often referred to as the “heartbeat” of the telecom network. The fact that such a high-level system was compromised suggests the involvement of a highly sophisticated threat actor, likely beyond the capabilities of ordinary hackers.

While the full scope of the breach is still under investigation, early findings point to a vulnerability in SK Telecom’s VPN (Virtual Private Network) infrastructure as a key entry point. VPNs are commonly used to secure remote access to internal corporate systems, but in this case, outdated VPN equipment, weak authentication protocols, and a fundamental trust model that “grants full access once authenticated” were all cited as major weaknesses.

The attackers exploited these VPN flaws to gain initial access, then moved laterally within the network to reach high-value systems and extract sensitive data. The incident starkly illustrates the limitations of perimeter-based security models, particularly in modern, distributed work environments.


Leaked Data and Associated Risks

The information leaked in this incident includes the USIM authentication key (KI), International Mobile Subscriber Identity (IMSI), device identifier (IMEI), and phone numbers—all of which are essential for user identification and authentication within mobile networks. This highly sensitive data effectively functions as a digital identity, and its exposure introduces several serious risks:

  • USIM Cloning Risk: With access to the stolen KI, attackers could replicate legitimate users’ USIMs, enabling unauthorized use of mobile communication services under someone else’s identity.

  • Bypassing Identity Verification: The stolen data could be used to circumvent mobile-based identity checks, which are widely used in financial services and public sector authentication systems.

  • Sophisticated Smishing Attacks: Combining leaked phone numbers with other personal data opens the door to targeted, high-precision smishing (SMS phishing) campaigns.

  • Network Disruption: If a large number of cloned SIMs are activated simultaneously, it could result in network congestion or outages, potentially paralyzing mobile services.

Although no confirmed cases of abuse have been reported as of now, experts warn that this kind of information is highly valuable on the dark web and may pose long-term cybersecurity risks.
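The USIM-cloning risk described above leaves a trace in the network’s own authentication logs: a cloned USIM carries the same Ki and IMSI as the original, so the HSS sees one subscriber authenticate successfully from two different handsets (two IMEIs) within a window too short for a normal device swap. As an added defender-side example, not code from SK Telecom or from the original post, the following script runs that check over a constructed log sample; the log format, field names and the 15-minute window are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample of HSS-style authentication records (not real SKT data),
# assumed to be in time order: timestamp, IMSI, IMEI, serving cell, AKA result.
SAMPLE_LOG = """\
2025-04-19T22:01:05Z imsi=450050000000001 imei=350000000000011 cell=SEOUL-0112 result=OK
2025-04-19T22:02:40Z imsi=450050000000002 imei=350000000000022 cell=BUSAN-0731 result=OK
2025-04-19T22:04:10Z imsi=450050000000001 imei=359999999999999 cell=JEJU-0901 result=OK
2025-04-19T22:05:00Z imsi=450050000000002 imei=350000000000022 cell=BUSAN-0733 result=OK
2025-04-19T23:30:00Z imsi=450050000000003 imei=350000000000033 cell=SEOUL-0118 result=FAIL
2025-04-19T23:31:00Z imsi=450050000000003 imei=350000000000033 cell=SEOUL-0118 result=OK
"""

def parse_line(line):
    """Turn one 'key=value' record into a dict with a parsed timestamp."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return rec

def find_clone_suspects(log_text, window=timedelta(minutes=15)):
    """Flag an IMSI that authenticates successfully from two different IMEIs
    within `window`: one subscriber identity active on two handsets at once is
    the signature a cloned USIM leaves in the HSS. Failed attempts are ignored
    because they do not prove possession of the Ki."""
    last_ok = {}   # imsi -> (ts, imei, cell) of the most recent successful auth
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["result"] != "OK":
            continue
        prev = last_ok.get(rec["imsi"])
        if prev and prev[1] != rec["imei"] and rec["ts"] - prev[0] <= window:
            alerts.append({
                "imsi": rec["imsi"],
                "imeis": (prev[1], rec["imei"]),
                "cells": (prev[2], rec["cell"]),
                "gap_seconds": int((rec["ts"] - prev[0]).total_seconds()),
            })
        last_ok[rec["imsi"]] = (rec["ts"], rec["imei"], rec["cell"])
    return alerts

if __name__ == "__main__":
    for a in find_clone_suspects(SAMPLE_LOG):
        print(f"IMSI {a['imsi']}: IMEIs {a['imeis']} in cells {a['cells']} "
              f"{a['gap_seconds']}s apart")
```

A legitimate handset swap produces the same signal, so treat a hit as a triage lead to confirm with the subscriber rather than as proof of cloning.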


How to Respond to Sophisticated Cyberattacks: Embracing SDP and ZTNA

The recent SK Telecom hacking incident has brought renewed attention to the vulnerabilities of traditional VPN infrastructure—highlighting how attackers exploited outdated equipment as a primary entry point. As cyber threats become more sophisticated, technologies like Zero Trust Network Access (ZTNA) and Software-Defined Perimeter (SDP) are emerging as essential alternatives to conventional perimeter-based security.

ZTNA is a security model that continuously verifies every access entity—users, devices, locations—before granting least-privileged access to resources. By authenticating and authorizing each access request to networks, applications, and data, ZTNA significantly reduces the risk of unauthorized access or lateral movement.

SDP, on the other hand, provides a dynamic and secure approach to access control by making internal resources invisible to unauthenticated users. Unlike VPNs, which often expose internal systems once connected, SDP only reveals specific services to validated identities—dramatically minimizing the attack surface.

Penta Security offers a ZTNA-based solution called Cloudbric Access Solution (PAS), built on SDP principles. PAS delivers high-level security by continuously verifying user identity and access permissions. As a SaaS offering, it requires no additional infrastructure and can be deployed instantly from any internet-connected environment—supporting fast, scalable rollout.

To prevent future security breaches like the SK Telecom incident and to strengthen foundational network security, ZTNA and SDP should be actively considered as core strategies. Zero trust–based architectures that segment access and eliminate implicit trust are rapidly gaining adoption both domestically and globally.

As digital transformation accelerates and remote work becomes the norm, the traditional notion of a fixed network perimeter is no longer sufficient. The SK Telecom hack serves as a wake-up call: companies must move away from the outdated “trust but verify” approach and transition toward a zero trust model that assumes no implicit trust and enforces continuous verification.
