▲ Choi Woo-hyeok, Director of Information Protection Network Policy at the Ministry of Science and ICT, announces the interim results of the public-private joint investigation team's investigation into the SKT breach incident.
23 BPFDoor Malware-Infected Servers Confirmed
The Public-Private Joint Investigation Team (hereafter referred to as the Investigation Team), which is investigating the SK Telecom server breach, announced that the scale of the SIM card information leak reached 26,957,749 cases and that they will closely examine additional leaks.
On the 19th, the Ministry of Science and ICT announced the results of an intensive inspection into whether SKT was infected with BPFDoor series malware.
Following the first announcement on April 29, the investigation team released a second announcement on May 19, disclosing the current progress of the investigation and whether there were any additional malware infections.
In this announcement, the investigation team said it has confirmed that a total of 23 servers were infected with the BPFDoor family of malware, and that it has completed forensic analysis on 15 of them.
A detailed analysis of the remaining eight is underway, and a fifth inspection is planned to confirm additional infections.
A total of 25 types of malware were discovered through this investigation, including 24 types of BPFDoor and 1 type of web shell.
The investigation team explained that they are increasing the intensity of the investigation, saying, “Since the BPFDoor malware has the characteristic of penetrating internally in a covert manner, it is essential to check for additional infections.”
The investigation team found that two servers on which personal information was temporarily stored for a certain period of time were infected with malware.
The servers in question are linked to SKT's integrated customer authentication server and contain personal information called up during the customer authentication process, such as the terminal unique identification number (IMEI), name, date of birth, phone number, and email address.
In relation to this, the investigation team explained, “We immediately requested action from the business operator and also reported the relevant facts to the Personal Information Protection Commission.”
Additionally, on May 16, they announced that they would share server data obtained with the consent of the business operator and conduct a more precise analysis.
The investigation team said that they conducted four inspections of approximately 30,000 Linux servers and confirmed infection using a tool that can detect 202 known domestic and international BPFDoor variants.
In particular, the fourth inspection was conducted directly with the support of the Korea Internet & Security Agency (KISA), and it was announced that the SIM card information leaked so far amounts to 9.82 GB.
This corresponds to 26,957,749 cases based on the subscriber identification key (IMSI), and the investigation team is also closely examining the possibility of additional information leaks.
The Ministry of Science and ICT is operating a security inspection task force targeting other telecommunications companies and major platform companies in response to this incident, and is conducting inspections on a daily or weekly basis to prevent similar breaches.
In addition, the National Intelligence Service is also conducting inspections of central administrative agencies and public institutions, and it has been confirmed that no cases of damage have been reported from private or public institutions to date.
An official from the investigation team said, “In the future, if circumstances that may cause damage to the public are discovered during the investigation of a breach, we will transparently disclose them and encourage businesses to respond quickly,” adding that the government plans to continuously strengthen its response measures.
This SKT breach is evaluated as a case that exposed the weaknesses of the domestic information security response system. The investigation team plans to complete an intensive inspection of all servers by June, and will closely analyze the possibility of additional infections and data leaks to prepare future security enhancement measures.