Taiwanese company warns Chinese hackers may continue attacks on South Korea following SKT incident
Taiwanese cybersecurity firm TeamT5 said Chinese hacker groups have continued to target South Korea, and that the country will likely remain a priority for attacks in the future.
Following the SK Telecom SIM (an IC card that records subscriber information of a mobile phone company) data leak incident, the company warned that attacks on Korean companies would continue.
In a written interview with Korean media outlet Herald Business on the 14th, TeamT5 predicted that attacks would continue even after the SKT SIM information leak incident, especially in the context of geopolitical conflicts.
The company expressed concern that South Korea has become a major target of attacks as the country's defenses deepen. "According to our own research, China's APT (Advanced Persistent Threat) groups have persistently targeted South Korea," the company said.
"This is because South Korea plays a core role in considering China's new industrial capabilities, the alliance with the United States, and regional security," he said.
"China has targeted U.S. allies, including South Korea, Japan, and Australia, and has been manipulating and concealing logs and traffic to make its attacks more sophisticated," he said.
"They will hide their intentions," he said, indicating that China will adopt a method of repeatedly attacking critical infrastructure in order to advance its national interests without inviting direct conflict.
The company is said to have predicted the SKT SIM card information leak incident. On the 14th of last month, the company posted on its blog that it was investigating China-related APT hacking.
The hacking group had revealed that they had exploited vulnerabilities in the Ivanti VPN communications device to infiltrate institutions around the world.
On the 9th, SKT experienced a SIM information leak incident. Even if no personal information was leaked in the SKT hacking incident, the company said it was possible that hackers could use this incident for future attacks.
"Hackers do not carry out individual attacks, but rather have long-term goals," the company said. "Key infrastructure is a service that provides sensitive data, so it is important to protect the company's data and protect the privacy of the company."
"The communications data could also be used to collect and monitor information about users," he said.
"It is attractive as a launch pad for developing new technologies," he added. The company also suggested that the SKT hacking incident may have been the work of a Chinese hacker group.
"We have no evidence that shows a direct link between the SKT USIM hacking incident and Chinese APT groups," he said, but added, "South Korea's telecommunications and major infrastructure operators are not affiliated with Chinese APT groups.
"SKT is a frequent target of cybercriminals," he said. He also said that the SKT hacking investigation process will be a long-term battle. If the attackers delete logs during the hacking process,
"When logs are deleted, forensic evidence that investigators use to reconstruct the time of an attack, identify the point of intrusion, and assess damage is erased," the company explained.
"Unless you have immutable backups, recovery will be very difficult or impossible if the logs are deleted," he said. Chinese APT groups are using log deletion to avoid detection and prevent accidents.
The company's analysis is that this can delay the response and allow the attackers to remain hidden on networks for long periods of time.
2025/05/15 06:12 KST
Copyright (C) Herald wowkorea.jp