"BTS Jungkook Also Targeted"... International Hacking Organization That Stole 64 Billion Won Apprehended

Two Ringleaders Apprehended in Thailand, One Extradited and Detained
Securing Authentication Methods After Illegally Activating Budget Phones

An international hacking organization that stole assets from domestic wealthy individuals, including Jungkook of BTS, has been apprehended by the police.

"BTS Jungkook Also Targeted"... International Hacking Organization That Stole 64 Billion Won Apprehended

A member of an international hacking organization who caused 64 billion won in damage through 'unauthorized activation of budget phones' was apprehended by the police. Seoul Metropolitan Police Agency

The Cyber Investigation Unit of the Seoul Metropolitan Police Agency announced on the 28th that it had arrested 18 members of the international hacking group on charges including fraud under the Act on the Aggravated Punishment of Specific Economic Crimes and violations of the Information and Communications Network Act. Two key members, identified as A (35, Chinese national) and B (29, Chinese national), have been detained and referred for prosecution, while 11 others, including C (43), who was responsible for money laundering, have been referred without detention.

The ringleader, D (35, Chinese national), is scheduled to be referred for detention on the 29th, and another leader, E (40, Chinese national), was apprehended in Thailand and is currently being extradited to Korea. The remaining members are under investigation without detention.

They are accused of hacking government, public, and private websites to steal personal information such as resident registration numbers, mobile phone authentication data, and digital certificates. Using this information, they illegally opened budget phone accounts under victims' names, infiltrated financial accounts and virtual asset exchange accounts, and stole money. They stole a total of 39 billion won from 16 victims and attempted, but failed, to steal an additional 25 billion won.

On the 28th, Oh Gyusik, head of Cyber Investigation Division 2 at the Seoul Metropolitan Police Agency, is briefing on the investigation results of the "unauthorized activation of budget phones and other cases of bypassing non-face-to-face authentication" at the Seoul Metropolitan Police Agency. Photo by Yoon Dongjoo

The hacking group built a database of sensitive personal information by hacking numerous government and public institutions as well as IT company websites, and then used this data to commit their crimes. They specifically targeted wealthy individuals and high-profile figures, and later expanded their targets to include inmates in correctional facilities, celebrities, and virtual asset investors.

In particular, they opened budget phone accounts under the names of 89 victims, activating a total of 118 mobile phone SIM cards without authorization. During this process, they hacked into mobile carriers' account restriction services and illegally lifted restrictions. They also obtained authentication tools such as digital certificates and i-PINs through resident registration verification services and forgery, enabling them to open new accounts.

The police identified a total of 258 victims, with damages amounting to approximately 64 billion won. However, 25 billion won was prevented from reaching the hacking group due to abnormal transaction detection by financial institutions.

Similar to BTS member Jungkook, who became a target while serving in the military, many of the victims were reportedly businesspeople who were incarcerated at the time. Among them were figures from domestic virtual asset and venture companies, as well as the head of a company ranked among the top 30 in Korea's business community. According to the police, one victim suffered a loss of virtual assets worth 21.3 billion won.

The Seoul Metropolitan Police Agency began an intensive investigation after receiving the first report of "suspected identity theft involving budget phones" at the Namdaemun Police Station in Seoul in September 2023, as similar cases began to emerge nationwide. Through this investigation, the police apprehended two ringleaders and other key members, including intermediaries, money launderers, and domestic operatives, effectively dismantling the organization.

The police stated that, as a result of this case, they recommended to authorities the need to strengthen non-face-to-face identity verification procedures, which led to the promotion of amendments to the Enforcement Decree of the Electronic Financial Transactions Act.

A police official commented, "This case exposes structural vulnerabilities that threaten the reliability of online authentication systems and pose a serious risk to the protection of citizens' assets and personal information. Along with stronger security policies, it is important for individuals to consistently practice personal information security measures in their daily lives to avoid becoming targets of crime."