Activists stage a protest in Seoul calling for a thorough investigation into a security breach at KT Corp., in this file photo from Sept. 15, 2025. (Yonhap)
SEOUL, Dec. 29 (Korea Bizwire) — South Korea’s science ministry said Monday that a security breach at KT Corp., the country’s second-largest mobile carrier, stemmed from lax internal controls over femtocells—small base stations used in homes and offices—allowing attackers to penetrate the company’s core network and carry out unauthorized mobile payments.
The Ministry of Science and ICT released its findings after KT disclosed earlier this year that hackers had exploited its systems to make illicit micropayments totaling 243 million won ($169,000), affecting 368 customers. Investigators said sensitive subscriber information—including mobile numbers, IMSI and IMEI identifiers—was exposed for 22,227 users.
According to the report, KT’s femtocell management framework suffered from fundamental security flaws. All femtocells supplied to the carrier shared identical digital certificates, enabling unauthorized or counterfeit devices to gain access to KT’s internal network with relative ease. Once connected, those devices could continue accessing the network for years, as the certificates carried a 10-year expiration period.
The ministry said its investigation uncovered malware infections across 94 KT servers, involving 103 distinct strains, underscoring what it described as systemic weaknesses in KT’s network security oversight.
KT headquarters building in Gwanghwamun, Jongno District, Seoul. (Yonhap)
Regulators have instructed KT to implement corrective measures, including rotating authentication server IP addresses and deploying systems capable of detecting and blocking unauthorized femtocell access. KT has been ordered to submit a detailed remediation plan within a month, with a government follow-up scheduled for June to verify compliance.
The ministry also said KT’s failure to meet its contractual duty to provide secure telecommunications services could allow affected customers to cancel contracts without penalty, a move that could carry financial and reputational implications for the carrier.
In a separate case, the ministry sharply criticized LG Uplus Corp., South Korea’s third-largest mobile operator, accusing it of obstructing an official investigation into a data breach disclosed in July. Regulators said LG Uplus submitted inaccurate documentation and discarded compromised servers after being notified of the breach by the Korea Internet & Security Agency, effectively preventing forensic analysis.
The ministry has requested a police investigation into LG Uplus on suspicion of obstructing official duties.
“Information security is no longer optional—it is essential to corporate survival,” Science Minister Bae Kyung-hoon said, adding that the government would intensify efforts to strengthen national cybersecurity as part of its broader ambition to position South Korea among the world’s top artificial-intelligence powers.
M. H. Lee (mhlee@koreabizwire.com)
