Illegal Femtocell Intrusions Once Centered in the Seoul Metropolitan Area
Now Confirmed in Wonju, Gangneung, and Other Regions
Number of Access IDs Rises to 20, Victims Exceed 22,200
It has been revealed that cases involving ultra-small base stations (femtocells) illegally accessing KT user networks have spread beyond the Seoul metropolitan area to other regions such as Gangwon Province. Concerns about inadequate security management are growing, as evidence has emerged that user information was stolen from unidentified base stations not officially managed by KT, with such incidents continuing since October last year.
According to KT's announcement on the 17th, a comprehensive investigation of 1.5 billion telecommunications billing agency payment records and over 4 trillion connection logs between mobile phones and base stations, from August 1, 2024 to September 10, 2025, revealed that the number of illegal base station IDs increased from 4 to 20. As a result, the number of victims of illegal access expanded from 20,030 to approximately 22,200, and the number of unauthorized micro-payment victims increased from 362 to 368.
In particular, the illegal base station whose activity was first detected was found to have started connecting on October 8 of last year. This means that illegal access began about ten months before the period KT identified for unauthorized micro-payments (early August to early September this year).
Previously, the damage was believed to be limited to the Seoul metropolitan area, including Seoul, Gyeonggi, and Incheon. However, the latest investigation found numerous records of illegal access in Gangwon Province as well. Records confirmed connections in Wonju, Gangneung, and Pyeongchang, indicating that the scope of the damage has expanded.
Currently, some equipment has been seized from a criminal organization composed of Chinese nationals and others, which was apprehended by the police. However, there is a possibility that additional equipment exists. Koo Jaehyung, head of KT's Network Technology Headquarters, stated, "Although we cannot disclose specifics, the existence of additional equipment is under investigation."
The scale of damage reported by KT has continued to grow with each announcement. As of the 11th of last month, there were 278 victims of unauthorized micro-payments; a week later, the number rose to 362, and in this announcement, it increased to 368. The total amount of damage also rose from 170 million won to 240 million won, and with the latest confirmation of additional victims, it has reached approximately 243 million won.
The method by which micro-payments were made through illegal femtocells has yet to be clearly identified. Koo explained, "Information necessary for payment authentication, such as the user's name and date of birth, cannot be obtained from illegal base stations," adding, "The investigation team is currently checking internal servers and other sources, and we will announce the results as soon as they are available."
As the affected regions and time period have expanded, some have pointed out that KT needs to provide additional notifications to all users. In response, Kim Younggeol, head of KT's Service Product Headquarters, stated, "We understand that the scope of damage is different from the SK Telecom hacking incident," adding, "Depending on the investigation results, we are considering waiving penalty fees, and all stores are supporting users in signing up for security services and phishing insurance."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
