Home > National > Social Affairs

KT breach wider than thought as authorities discover 20 more illegal base station IDs

Published: 16 Oct. 2025, 12:42

The suspect in the KT unauthorized micropayment case is transferred to prosecutors from the detention center at Suwon Yeongtong Police Precinct in Suwon, Gyeonggi on Sept. 25. [YONHAP]

Authorities have identified about 20 additional illegal base station IDs used in the KT micropayment hacking case, revealing a broader extent of the breach.

A joint public-private investigative team found the extra base station IDs — known as cell IDs — beyond the four initially identified by KT, according to a news report from Yonhap News Agency on Thursday.

The team also confirmed that the number of affected victims has grown, with around 10 individuals newly identified.

The KT micropayment fraud case involves hackers exploiting vulnerabilities in KT's mobile billing system by using illegal base stations to impersonate legitimate KT networks from late August to September. By tricking nearby devices into connecting to these fake networks, the perpetrators were able to initiate unauthorized small-value transactions without the users’ consent.

KT has so far acknowledged 362 victims in the unauthorized micropayment case, while police had counted 220 as of Monday. Some of the individuals identified by police do not appear on KT’s official list of victims, indicating discrepancies in the victim count between the two agencies.

KT is reportedly considering another briefing to update the public on the case. Prosecutors indicted and detained the main suspects behind the KT hacking scheme on Sept. 25.

The Cyber Investigation Unit of the Gyeonggi Nambu Provincial Police Agency referred a 48-year-old Chinese national to the prosecution on charges of violating the Act on Promotion of Information and Communications Network Utilization and the Act on the Punishment of Fraud and other related crimes. Another suspect, a 44-year-old Chinese national, was also referred on similar charges, including concealment of criminal proceeds.

According to police, the 48-year-old suspect drove around apartment complexes in Gwangmyeong, Gyeonggi, and Geumcheon District, southern Seoul, between Aug. 5 and Sept. 5. He allegedly operated illegal portable base stations that mimic legitimate telecom signals from a vehicle during early morning hours.

The second suspect allegedly converted unauthorized micropayment records obtained through the illegal base stations into cash, collecting about 200 million won ($141,000). Police said he transferred most of the proceeds to a Chinese bank account, keeping approximately 10 million won for himself.

The investigation is ongoing as authorities work to determine the full extent of the breach and identify any remaining victims.

This article was originally written in Korean and translated by a bilingual reporter with the help of generative AI tools. It was then edited by a native English-speaking editor. All AI-assisted translations are reviewed and refined by our newsroom.
BY JANG GU-SEUL [[email protected]]