SK Communications

This scenario is based on the July 2011 intrusion into SK Communications, a South Korean internet service provider. CyWorld, the largest South Korean social networking site (SNS), and Nate, a popular South Korean web portal, were both victims of the theft of customer data belonging to more than 35 million users combined. Millions of users lost the confidentiality of personal information such as resident registration numbers, phone numbers and email addresses. The attackers compromised a software vendor and created a trojanized software update that installed a remote administration tool on more than 60 machines in the corporate network. Public discontent with the data leak moved information-sensitive Koreans to other social networking services.

Fig. 8: Network topology of SK Communications

The SK Communications hack was an intelligent cyber attack designed to steal sensitive data or seize control of major facilities after infiltrating the network of the target organization. Given the large network topology shown in Figure 8, the infiltration was difficult to detect and respond to in advance, because it was carried out over a long period of time using various malicious code and attack routes.

Fig. 9: Workflow diagram of SK Communications
Download SKCommunications_CISSA.zip