The Korean operator’s latest briefing on the incident, which exposed personal and financial data belonging to some of its 23 million users last month, confirmed the malware persisted for nearly two years before being discovered.
Since detecting the breach in April, SK Telecom has isolated 25 strains of malware and quarantined 23 infected servers.
While the operator claims there is no evidence of additional data leakage, it has suspended new subscriber sign-ups and rolled out a nationwide SIM replacement programme as a precaution.
The company has also deployed an upgraded fraud detection system, FDS 2.0, which uses triple-factor authentication to block both SIM and device cloning attempts.
Following the breach, SK Telecom said it has automatically applied the upgraded FDS 2.0 system across its network, alongside SIM protection services available both domestically and abroad.
The operator also reiterated that no confirmed cases of customer damage or terminal cloning have been reported so far.
According to its latest briefing, all attempts at terminal or SIM piracy are now blocked at the network level, with triple-layer verification checking the legitimacy of the subscriber, SIM card, and device.
The operator said it would take full responsibility for any damages resulting from the breach.
SK Group chair Chey Tae-won apologised to customers in early May and said the incident needs to be looked at “as a matter of national defence”.
The malware used to breach SKT’s systems is believed to be BPFdoor, an authentication circumvention software that, according to local news reports in Korea, was heavily employed by hacking groups with links to China, such as Red Menshen.
No group has claimed responsibility for the attacks, but Chey’s national security fears and the use of BPFdoor come as Chinese-linked hackers employed similar tactics to attack US-based telcos late last year.
RELATED STORIES
SK Group chairman apologises for SK Telecom data breach
ITW: Cybersecurity demands greater accountability, industry leaders warn
