KT concealed malware infections, security failures leading to hacking breach

KT Corp., South Korea's second-largest mobile carrier, was found to have concealed critical malware infections and failed to report the security breaches that led to a recent hacking and data theft incident, a government-led investigation revealed on Thursday.

The joint government-private investigation team, which is examining KT's recent cyberattack linked to illegal micro base stations, said the company learned between March and July of 2024 that 43 of its servers had been infected with so-called BPFDoor malware and other malicious code, reports Yonhap news agency.

Despite detecting the infections, which exposed customer data, the company did not notify authorities and instead attempted to handle the issue internally, according to the team. BPFDoor malware enables remote attackers to bypass firewalls and maintain long-term access to compromised systems. It was also used in a separate hacking case involving industry leader SK Telecom Co. reported earlier this year.

Investigators confirmed that the infected KT servers contained customers' personal information, including names, phone numbers and email addresses, as well as international mobile equipment identity (IMEI) data.

The team said it regards the concealment as being of "grave concern" and plans to work with relevant authorities to determine proper legal measures.