Security Advisory: Recommended System Check Following Recent SKT Hacking Incident in Korea

 

I hope this message finds you well.

We are reaching out with a sincere security advisory in light of a major hacking incident that recently occurred in South Korea, targeting SK Telecom, one of the country’s leading telecom providers.

This large-scale cyberattack resulted in the breach of approximately 8 million user records and was carried out using sophisticated techniques, including malware disguised as legitimate system management tools.
You can find more details on the incident at the following link: https://namu.wiki/w/SK%ED%85%94%EB%A0%88%EC%BD%A4%20%EC%9C%A0%EC%8B%AC%20%EC%A0%95%EB%B3%B4%20%EC%9C%A0%EC%B6%9C%20%EC%82%AC%EA%B3%A0

SK텔레콤 유심 정보 유출 사고

 

What’s particularly concerning is that this attack method—injecting disguised executable files into Linux-based environments—could potentially threaten blockchain nodes and infrastructure as well. We are sharing this information in good faith, purely to help strengthen your project’s security posture, and kindly encourage you to review your systems accordingly.

Below are the relevant malware details and detection methods that may help in your internal assessments.

 

  [Malware Hashes and File Information]  

 

  [Detection Methods]

• To check for attacker connections, monitor packets for the presence of the following values: 0x7255, 0x5293, 0x39393939, 0x4430cd9f

sudo ss -0pb | grep -EB1 --colour "$((0x7255))|$((0x5293))|$((0x39393939))|$((0x4430cd9f))"

 

•   Check if ports in the range 42391–43391 are open:  ​

 netstat -lpn | grep -E ':42[3-9][0-9]{2}|43[0-3][0-9]{2}'

 

We truly hope this information proves helpful in reinforcing your project's security.

If you find this advisory useful and would like to express your appreciation, you may optionally send a small token of support to the wallet address below. This is by no means an obligation—just a gesture of goodwill, should you wish to do so.

 

Ethereum (ERC20) Wallet:  0xCBa6299bEDbEc9f6DCe58Cfb411716F4606A5AaD

Solana Wallet : 8wePhS3mRdtkqd7KZXExGoBRjt8Yqh35hKfmPNwM6Chc

Wishing you continued safe and secure operations.
Thank you for your attention.

Thank you.

 

Reference:

https://namu.wiki/w/SK%ED%85%94%EB%A0%88%EC%BD%A4%20%EC%9C%A0%EC%8B%AC%20%EC%A0%95%EB%B3%B4%20%EC%9C%A0%EC%B6%9C%20%EC%82%AC%EA%B3%A0

https://lastcard.tistory.com/722