Pierluigi Paganini April 22, 2025

SK Telecom warned that threat actors accessed customer Universal Subscriber Identity Module (USIM) info through a malware attack.

SK Telecom is South Korea’s largest wireless telecom company, a major player in the country’s mobile and tech landscape.

It holds about 48% of the market share for mobile services, meaning around 34 million subscribers use its network. The company offers cellular service, along with 5G development, AI services, IoT solutions, cloud computing, and smart city infrastructure.

The carrier is part of the larger SK Group, which is one of South Korea’s biggest conglomerates (also active in energy, semiconductors, chemicals, and more).

SK Telecom reported threat actors gained access to USIM-related information for customers following a malware attack. The Universal Subscriber Identity Module (USIM) is a smart card used in mobile devices, it securely stores subscriber information, including the International Mobile Subscriber Identity (IMSI) and cryptographic keys.

The telecom giant detected an infection of its systems at 11 PM on Saturday, April 19, 2025. Upon discovering the infection, the company promptly reported it to the Korea Internet & Security Agency (KISA) on Sunday, April 20, sanitized the impacted systems, and isolated the suspected hacking device. No cases of misuse of the information have been confirmed to date.

SK Telecom announced it had enhanced defensive measures and blocked illegal SIM card changes and abnormal authentication attempts.

The company is also offering impacted customers a subscription to the ‘SIM protection service’ for free.

“On April 19, 2025, at approximately 11:00 PM, SK Telecom discovered circumstances in which some SIM-related information of SK Telecom customers was suspected to have been leaked due to malware.” reads the data breach notification published by the company. “SK Telecom immediately deleted the malware after recognizing the possibility of a leak and isolated the suspected hacking device. As of now, there have been no confirmed cases of actual exploitation of the information, but we are implementing the following measures to prevent damage to our customers.”

The company is still investigating the security breach to determine the exact cause, the scale of the incident, and determine the leaked data. The South Korean provider also reported the data leak to the Personal Information Protection Commission at 10:00 a.m. on Tuesday, April 22.

Customers who want additional security measures could sign up for SIM protection service.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)