KT Under Fire for Failing to Report Massive Malware Infection to Authorities


KT headquarters building in Gwanghwamun, Jongno District, Seoul.  (Yonhap)

SEOUL, Nov. 6 (Korea Bizwire) — South Korean telecom giant KT Corp. has come under scrutiny for allegedly concealing a massive malware infection last year instead of reporting it to authorities, a joint government-private investigative panel said Thursday.

According to the panel, KT discovered in mid-2024 that dozens of its servers had been infected with BPFDoor, a stealthy backdoor malware that was also used in the major hacking incident targeting SK Telecom earlier this year.

Investigators said KT identified 43 compromised servers between March and July of last year but failed to notify the government, opting instead to handle the issue internally. The servers contained sensitive subscriber data, including names, phone numbers, email addresses, and device identifiers.

The revelation raises questions about why the infection went undetected even after authorities conducted a nationwide security inspection in response to the SK Telecom breach.

“The traces of BPFDoor had been erased, which explains why it didn’t surface during earlier investigations,” said Choi Woo-hyuk, head of the joint panel. “However, evidence of antivirus activity revealed that KT was aware of the intrusion.”

This photo taken Sept. 10, 2025, shows a retail store of South Korea's No. 2 mobile carrier KT Corp. in Seoul. (Image courtesy of Yonhap)

Authorities are now investigating whether the malware led to the leak of any personal information or whether the same attackers were behind both incidents. KT’s possible concealment of the breach is being “taken very seriously,” the panel said, adding that the case has been referred to police on suspicion of obstruction of justice.

The investigation also found serious security flaws in KT’s management of femtocells—mini base stations used to enhance mobile coverage—which were linked to unauthorized micro-payment fraud cases.

All femtocells supplied to KT reportedly used the same authentication certificate valid for ten years, meaning cloned devices could access the company’s network without restriction.

Additionally, key network data such as cell IDs, server IPs, and certificates were shared with subcontractors without proper security controls, while KT failed to block abnormal IP connections or verify whether devices accessing its internal network were legitimate.

The panel said hackers who gained control of illegal femtocells could potentially intercept authentication data for automated payments or even eavesdrop on text messages and calls. Further forensic analysis is underway to determine the extent of the exposure.

The Ministry of Science and ICT said it is reviewing whether KT’s actions constitute a violation of telecom regulations and may impose penalties or order temporary service suspensions if systemic security lapses are confirmed.

In a statement, KT apologized for the delayed disclosure, saying it “takes the interim findings seriously” and has since strengthened its network security by blocking unverified programs and integrating its monitoring systems under a unified control framework.

Kevin Lee (kevinlee@koreabizwire.com) 