South Korea’s Ministry of Science and ICT has launched an official investigation into suspected cyber intrusions at telecom operators KT Corp. and LG Uplus. The move comes amid growing concerns over vulnerabilities in the country’s communications infrastructure, following revelations of a prolonged breach at SK Telecom earlier this year.
The ministry, working with the Korea Internet & Security Agency (KISA), has begun on-site inspections and is gathering system data for forensic analysis. While both KT and LG Uplus deny any confirmed breaches, officials have said findings will be disclosed if unauthorized access is proven.
Whistleblower Raises Alarm
The probe was prompted by Rep. Choi Min-hee of the ruling Democratic Party, who received information from an anonymous white-hat hacker. According to the whistleblower, sensitive data from KT and LG Uplus had surfaced outside their secured systems.
The exposed materials allegedly included:
- System source code
- Security certificates
- Internal account management code (LG Uplus)
- Data from nearly 9,000 servers (LG Uplus)
- Digital certificates from KT
Research Findings and Phrack Disclosure
Security researchers echoed these claims, suggesting KT and LG Uplus may have unknowingly leaked key infrastructure assets. The allegations gained wider attention when they were published in the 40th anniversary edition of Phrack, a U.S.-based hacking journal.
The report, “APT Down: The North Korea Files,” alleged that an attacker known as “KIM”—linked to the North Korean cyber-espionage group Kimsuky—had stolen around 8GB of data from South Korean government agencies and telecom operators. This included SSL keys, server databases, and even authentication records from ministries.
Telecoms Push Back
Both KT and LG Uplus have rejected claims of direct breaches. KT acknowledged that some external service certificates and private keys may have been exposed but stressed that its core networks remain secure. LG Uplus similarly stated that firewall and access log checks revealed no irregularities.
Both companies have emphasized full cooperation with the ministry and KISA, yet their responses have done little to calm broader concerns about systemic weaknesses in Korea’s telecom sector.
Regulatory Gaps in the Spotlight
This case comes after SK Telecom was fined earlier this year for failing to protect the personal data of more than 23 million users. The repeated incidents suggest an industry-wide struggle to safeguard critical infrastructure.
Lawmakers are now questioning whether existing rules hinder accountability. Rep. Choi Min-hee criticized the current framework, which allows on-site inspections only if companies self-report breaches. She warned that this incentivizes firms to downplay or conceal incidents. Choi has pledged to propose amendments to strengthen the government’s ability to intervene.
Why This Matters
The investigation highlights a broader structural challenge for South Korea: balancing rapid digital transformation with resilient cybersecurity. Telecom operators sit at the center of national infrastructure, meaning a single breach can ripple across finance, government, and defense sectors.
Three key takeaways stand out:
- Systemic Weaknesses – With SK Telecom, KT, and LG Uplus all facing scrutiny, these are not isolated lapses but signs of industry-wide security fragility.
- Regulatory Lag – Current laws rely heavily on company disclosure, creating blind spots for regulators. Strengthening mandatory reporting and inspection powers could be essential.
- Geopolitical Risk – Alleged links to North Korean hackers suggest that these incidents are not just technical failures but part of a larger cyber conflict in the region.
What’s Next
The Ministry of Science and ICT has pledged to continue forensic analysis and make results public if breaches are confirmed. The outcome of this probe could influence upcoming legislative reforms and redefine cybersecurity compliance for Korea’s largest telecom providers.
If confirmed, the breaches could serve as a turning point—forcing telecoms to move from reactive damage control to proactive defense, and pushing regulators to close gaps in oversight.