A recent report by British technology research firm Rethink Technology Research has raised serious concerns over a cyberattack on KT, South Korea’s leading telecom operator, suggesting the incident may involve state-level cyber espionage rather than a simple fraud case. The report, titled “KT Cyberattack: More Serious Than You Think,” was published on December 10 and analyzes the implications of the breach in detail.
According to Rethink Technology Research, the KT cyberattack appears to have targeted femtocells, small cellular base stations used in homes and offices, not for micro-payment fraud, but potentially to collect large-scale data at a national level.
The report states, “The cyberattack on South Korean telecom company KT is not a simple fraud case but closer to a state-level cyber espionage activity spanning several years when examining the details.”
The report further notes that KT’s internal logs only date back to August 2024, making it difficult to confirm what occurred at vulnerable points before that period. Analysts suggest that this lack of historical data complicates the investigation and points to possible systemic failures in femtocell management, server oversight, and encryption protocols. “It seems inevitable that KT’s leadership will face accountability for management negligence,” the report adds.
Security Experts Weigh In
Security experts in South Korea have weighed in on the report’s findings. Dmitry Kurbatov, Chief Technology Officer at global communication security company SecurityGen, posted on LinkedIn that “the unauthorized micro-payment incident at KT is likely a deeper issue involving a network of thousands of femtocells.”
Similarly, Kim Yong-dae, a professor in the Department of Electrical and Electronic Engineering at KAIST, described the incident as essentially a wiretapping operation rather than conventional financial fraud.
While Rethink Technology Research frames the attack as unprecedented in scope and sophistication, KT officials have pushed back against the report’s conclusions. A company spokesperson stated, “If you look at other reports by the author of this report, there is a tendency to be favorable and biased toward certain companies. It is difficult to regard this as an objective interpretation.”
The KT Cyberattack Investigation Timeline
The cyberattack on KT was first detected in early September, when irregular micro-payments were identified across the network. A joint government-private investigation has been ongoing for over three months, with authorities yet to release the final findings. Analysts attribute the delay to stretched investigative resources due to a series of large-scale cyber incidents in South Korea, including the Coupang data leak. Some have also speculated that the prolonged timeline may indicate an intentional delay on KT’s part.
For comparison, the SK Telecom hacking case was resolved within two and a half months, followed by compensation announcements for affected users. In the case of KT, an investigation team official noted during a briefing following the presidential business report on December 12, “While investigating KT, additional issues have emerged, and server forensics are taking a considerable amount of time.”
Industry observers warn that the cyberattack on KT should serve as a cautionary tale for telecom operators not only in South Korea but globally.
