The Shock of the SKT Hacking Incident: The Reality of 27 Million SIM Card Information Leak and National Security Threats

The SKT Hacking Scandal: A Telecom Nightmare That Shook a Nation

What if your phone’s information has already fallen into someone else’s hands? The shocking leak of 27 million SKT USIM data began in an unexpected place—and spiraled into a national crisis.

In May 2025, South Korea’s largest telecom operator, SKT, became the target of an unprecedented cyberattack. This was no ordinary corporate hack—it evolved into a massive data breach that threatened the very security of the nation.

Key facts of the incident include:

  • Leakage of 27 million SKT USIM records
  • Discovery of 25 types of malware
  • Confirmation of infection in 23 servers

As this devastating truth came to light, the public was thrown into turmoil, and SKT faced the gravest crisis in its history.

The attack’s origins date back to June 2022 when a backdoor program called ‘BPFDoor’ was covertly installed on SKT’s Linux servers. This malicious software cunningly manipulated network traffic, granting hackers hidden access.

Even more alarming is the identification of ‘Red Menshen,’ a hacker group reportedly backed by the Chinese government, as the orchestrators behind the attack. This group has a notorious history of targeting telecom companies across the U.S., Switzerland, the Middle East, and Asia.

The SKT hacking scandal exposes vulnerabilities far beyond a corporate breach—it is a wake-up call revealing the fragile state of national cybersecurity. It starkly highlights the urgent need for heightened awareness and stronger protections of personal information.

Now, not just SKT but every corporation and government entity must fortify their cyber defenses. As our lives grow ever more dependent on digital infrastructure, these threats will only intensify.

BPFDoor and Red Menshen: Intruders in the Shadows of the SKT Hacking Incident

An invisible Linux-based backdoor infiltrated systems unnoticed. What is the reality behind BPFDoor, which hid undetected for nearly three years alongside 25 types of malware, and the suspicions of Chinese government backing? Let’s take a closer look at these key threat elements at the heart of the SKT hacking incident.

BPFDoor: The Key to Covert Infiltration

BPFDoor has been identified as the primary malware tool in the SKT hacking incident. This backdoor program features:

  1. Highly sophisticated malware targeting Linux-based systems
  2. Clever manipulation of network traffic to evade detection
  3. A backdoor function providing remote access privileges to attackers

BPFDoor is believed to have first been installed on SKT systems around June 2022 and operated undetected for nearly three years. This underscores the stealth and danger posed by this malware.

25 Types of Malware: A Complex Attack Strategy

Besides BPFDoor, 24 additional malware variants were discovered in the SKT hacking case. This indicates a complex, systematic attack strategy rather than a simple single-tool assault. The combination of various malware types implies risks such as:

  • Multiple infiltration pathways secured
  • Enhanced capabilities to avoid detection
  • Persistent system access maintained

Red Menshen: The Suspected Chinese Hacker Group

Red Menshen, a Chinese government-backed hacking group, is being pointed to as the force behind the SKT hacking incident. Characteristics of Red Menshen include:

  1. Expertise targeting major global telecommunications companies
  2. Operations spanning the U.S., Switzerland, the Middle East, and Asia
  3. Use of sophisticated hacking tools, including BPFDoor

Red Menshen’s activities are seen as more than mere cybercrime—they reflect a component of advanced cyber warfare between nations. Viewed in this context, the SKT hacking incident is recognized as a serious threat directly tied to national security.

Future Challenges: Strengthened Security and International Cooperation

The threats unveiled by BPFDoor and Red Menshen in the SKT hacking incident leave crucial challenges for domestic corporations and government entities:

  1. Establishing advanced malware detection systems
  2. Formulating national-level cybersecurity enhancement policies
  3. Tracking and responding to hacker groups through global cooperation

This case has vividly revealed the reality of invisible cyber threats to us. The time has come to closely watch how SKT and other Korean companies, along with the government, will respond to these evolving dangers.

Collapse of Market Trust Due to SKT Hacking Incident: Repercussions Spreading Across the Entire Telecom Industry

The SKT hacking incident has evolved into a major crisis shaking the entire domestic telecommunications market, far beyond just a corporate issue. Following the shocking news of customer data breaches, trust in SKT has crumbled, triggering a domino effect that is rippling throughout the market.

Mass Customer Exodus and Shift to Competitors: Dramatic Market Landscape Changes

The most striking change after the SKT hacking incident is the massive departure of customers. Growing concerns over personal information security have driven many SKT users to switch to other telecom providers. Particularly, number portability has surged towards KT and LG U+, resulting in a rapid increase in their market shares over a short period.

  • SKT customer churn rate: 15% increase compared to last year
  • KT new subscriber growth: 20% rise compared to the previous month
  • LG U+ market share: 2 percentage points gain

SKT Stock Plunge and Widespread Anxiety Across the Telecom Sector

Alongside the customer exodus, SKT’s stock price plummeted drastically. Immediately after the hacking incident was made public, SKT shares fell by over 10% compared to the previous day, slashing SKT’s market capitalization by trillions of won. Moreover, this crisis has sparked widespread security fears throughout the telecom industry, dragging down the stock prices of other providers as well.

Rising Costs for Security Enhancements and Concerns Over Profitability Deterioration

In response to the incident, SKT and other major domestic telecom companies have launched extensive security reinforcement efforts. However, these measures are expected to significantly increase costs. In the short term, worsening profitability appears inevitable, raising strong pressure for future hikes in telecommunications service fees.

Government Regulatory Tightening and Shifts in Telecom Business Environment

Triggered by the SKT hacking scandal, the government is anticipated to impose much stricter security regulations on telecom operators. This shift could profoundly alter the operating environment for these companies and is likely to have long-term effects on the competitive landscape of the domestic telecommunications market.

This SKT hacking crisis will be remembered not merely as a corporate downfall but as an event that shook the trust foundation of the entire domestic telecom market. With ongoing repercussions manifesting as customer churn, stock value declines, and elevated security expenditures, this incident is expected to mark a pivotal turning point that will dramatically reshape the future of the telecom industry.

Cyberwar Beyond Borders: What the SKT Hacking Incident Reveals About Our Nation’s Security

The recent SKT hacking incident has delivered a shocking wake-up call to us all. It exposed the hidden reality of an unseen war between nations, going far beyond a simple corporate hack. What threats might South Korea be facing without you even realizing it?

The Reality of State-Sponsored Hacking

The hacker group ‘Red Menshen,’ suspected of targeting SKT, is known to be backed by a nation-state. This indicates that the attack was not just a criminal act but a strategic assault at the national level. There is a high likelihood that major companies and institutions in our country are already being targeted by similar attacks.

Our Vulnerabilities

  1. Digital Dependency: As demonstrated in the SKT case, hacking a telecom company alone can lead to the leakage of 27 million pieces of personal data. Our society’s deep reliance on digital infrastructure can, ironically, become a significant weakness.

  2. Lack of Security Awareness: Many companies and individuals continue to overlook the importance of cybersecurity. The fact that even a major corporation like SKT failed to detect the hack for three years starkly reveals our current security shortcomings.

  3. Limits of International Cooperation: While global collaboration is essential to counter cross-border cyber attacks, in reality, achieving such cooperation remains a daunting challenge.

Actions We Must Take

  1. Strengthen National Cyber Defense Systems: The government must take the SKT incident as a hard lesson and build far more robust cyber defense mechanisms.

  2. Expand Corporate Security Investments: All companies, including SKT, need to significantly increase their cybersecurity funding.

  3. Raise Personal Data Protection Awareness: Each of us must recognize the critical importance of safeguarding personal information and consistently practice security measures in daily life.

The SKT hacking incident sends us a vital warning. In this era of cyberwar that crosses borders, we are no longer in a safe zone. It is time for individuals, corporations, and the nation to unite and prepare against this emerging threat.

After the SKT Hacking Incident: 5 Strategic Recommendations Drawn from Crisis Lessons

What should we do now? The SKT hacking incident has escalated beyond a mere corporate crisis to a national-level cybersecurity issue. Based on the lessons learned from this event, let’s outline practical security measures to prevent recurrence, a new paradigm of global cooperation, and the essential nature of maintaining customer trust.

  1. Enhance Real-Time Monitoring Systems
     • All telecom companies, including SKT, must establish 24/7 real-time network monitoring systems.
     • AI-based anomaly detection systems should be introduced to block hacking attempts at their earliest stages.
  2. Implement Multi-Layered Security Architecture
     • Rather than relying on a single line of defense, multiple security layers should be built across network, server, and application levels.
     • Learning from SKT’s case, encryption and access control must be strengthened, especially for critical data such as USIM information.
  3. Establish International Cybersecurity Cooperation Frameworks
     • To respond to the nation-backed hacker groups suspected of being behind the SKT hacking incident, international collaboration is essential.
     • The Korean government must build systems for sharing cybersecurity information and joint responses with key countries like the U.S. and Europe.
  4. Strengthen Employee Security Awareness Training
     • As seen in the SKT case, employee security awareness is crucial given their access to internal systems.
     • Regular security training and simulated hacking exercises should be conducted to elevate cybersecurity awareness across all staff.
  5. Transparent Communication to Restore Customer Trust
     • Security incidents directly impact corporate trust, as customer attrition following the SKT hacking incident has shown.
     • Swift and transparent disclosure of information, coupled with concrete compensation plans, is necessary to regain customer confidence.

These strategic recommendations, drawn from the SKT hacking incident, go beyond a single company’s problem and will contribute to enhancing the nation’s overall cybersecurity capabilities. This incident should serve as a catalyst for building a stronger, safer digital ecosystem. When corporations, governments, and citizens alike recognize the importance of cybersecurity and collaborate, we will be better equipped to confront future threats effectively.
