Did KT Hide Malware Infections and Security Breaches?
Key Takeaways
- KT Corp. concealed malware infections.
- 43 servers infected with BPFDoor malware.
- Serious vulnerabilities in femtocell management.
- Customer data was compromised.
- Legal actions may follow for KT.
Seoul, Nov 6 (NationPress) KT Corp., the second-largest mobile provider in South Korea, has been accused of hiding serious malware infections and failing to disclose security breaches that have resulted in a recent hacking and data theft event, according to findings from a government-led investigation released on Thursday.
The investigation, conducted by a joint team comprising both government and private sector experts, is focused on KT's recent cyberattack associated with illegal micro base stations. It revealed that the company became aware between March and July 2024 that 43 of its servers had been compromised with BPFDoor malware and various other malicious programs, as reported by Yonhap news agency.
Even after identifying the infections that jeopardized customer data, KT neglected to inform the authorities and instead opted to manage the situation internally, the investigation team reported.
The BPFDoor malware allows remote attackers to circumvent firewalls and maintain persistent access to infected systems. This same malware was linked to a separate hacking incident involving industry leader SK Telecom Co., which was reported earlier this year.
Investigators confirmed that the compromised KT servers stored sensitive customer information, including names, phone numbers, email addresses, and international mobile equipment identity (IMEI) data.
The investigation team said the concealment of this information is of extreme concern and that it plans to collaborate with relevant authorities to decide on appropriate legal actions.
Additionally, the probe uncovered significant vulnerabilities in KT's femtocell management, which permitted unauthorized devices to connect to the company's internal network.
A femtocell is a compact, low-power cellular base station usually intended for residential or small business use.
"KT's femtocell management system was notably inadequate, creating an environment where unauthorized femtocells could effortlessly access the internal network," the team stated.
The investigation concluded that hackers utilizing illegal femtocells could disable end-to-end encryption, facilitating the interception of users' payment authentication data.
The Ministry of Science and ICT announced it would conduct a legal review to assess whether KT's actions violated any laws and whether they warrant customer compensation.
The investigation was initiated after 368 KT customers experienced financial losses totaling 240 million won ($167,000) in August due to illegally operated micro base stations.
In response to the growing concerns regarding data security among its users, KT began offering free universal subscriber identity module (USIM) replacements to all customers starting Wednesday.
Officials also noted that KT has been referred to law enforcement on suspicions of obstructing justice for allegedly providing false information and concealing evidence during the investigation.
KT may also face financial penalties from the Personal Information Protection Commission, akin to the 134.7 billion won fine imposed on SK Telecom for its own data breach earlier this year.
Following the government briefing, KT issued a statement affirming that it will take the investigation's findings "seriously" and apologized for the delay in reporting the data breach.