Investigation Team Applies Malware Detection Techniques After SKT Hacking Incident
The joint public-private investigation team probing the SK Telecom hacking incident will conduct direct inspections not only of other domestic mobile carriers such as KT and LG Uplus, but also of major platform companies including Naver.
According to IT authorities on May 26, following the SKT hacking incident, the investigation team, which had maintained a voluntary malware inspection system within the telecommunications and platform industries, began on-site inspections of KT, LG Uplus, and four platform companies?Naver, Kakao, Coupang, and Baemin?on May 23.
This measure was taken because there are suspicions that the hacking group that used the Linux-based malicious program "BPFDoor" in the recent SKT breach may also have attempted cyber intrusions targeting other domestic telecom operators and major platform companies.
The Ministry of Science and ICT established a dedicated task force on May 12 to review the security status of telecom and platform companies and is currently assessing their vulnerabilities to cyberattacks.
The reason these four platform companies were selected for inspection is that they are leading firms in the search, messenger, online shopping, and food delivery sectors?representative IT service fields with usage rates exceeding 90%. The usage rate mentioned here is based on an annual survey by the Ministry of Science and ICT, which measures the percentage of users who accessed the service during the three months prior to the survey.
The investigation team is currently applying antivirus programs targeting 202 variants of malicious code discovered during the SKT server investigation to the servers of these companies to check for possible infections.
An inspection team composed of security experts from the Korea Internet & Security Agency (KISA) is conducting inspections of the servers at the two telecom companies and four platform firms, utilizing the malicious code detection techniques used in the SKT hacking investigation. Unlike statutory investigations conducted after an actual hacking incident, this inspection is being carried out on-site with the cooperation of the companies involved.
So far, the investigation has found no significant signs of hacking or other abnormalities at KT, LG Uplus, or the four platform companies.
These companies are also conducting their own internal security checks and are required to immediately report to relevant authorities, such as KISA and the Personal Information Protection Commission, if any hacking damage is confirmed.
To date, a total of 23 SKT servers have been confirmed as compromised, and forensic analysis and other detailed investigations are ongoing for eight of them.
The attack method using BPFDoor is known to be primarily employed by advanced persistent threat (APT) groups believed to be state-sponsored, including those from China. This has led to the assessment that the recent SKT hacking was a highly organized and systematic cyberattack targeting the nation's core telecommunications infrastructure.
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
