Police identify alleged mastermind in KT Corp. mobile payment breach; international manhunt underway

Police in South Korea have identified the alleged architect of a mobile payment breach targeting KT Corp. customers and have requested international assistance to track him down. The Gyeonggi Nambu Provincial Police Agency said Monday that the suspect, described as a Chinese national of Korean ethnicity, is believed to be residing in China and is the central figure behind a scheme that compromised KT mobile users in the Seoul metropolitan area between August and September.

The breach involved unauthorized micropayments processed through compromised KT mobile accounts, a fraud pattern that drew attention earlier this year after several customers reported unexplained charges for small online purchases. KT Corp., a major South Korean telecommunications provider, launched an internal review as reports increased, prompting regulators and law enforcement to examine how illegal portable base stations and spoofed signals were used to intercept authentication procedures tied to mobile payment services.

Investigators determined that the operation enabled illicit transactions, including the purchase of gift certificates, through hacked mobile accounts. Authorities have received reports from approximately 220 victims, with losses totaling about 140 million won, or roughly 95,300 dollars.

The suspect is accused of directing another Chinese national to deploy an illegal portable base station to infiltrate the phones of KT customers. The accomplice, who was arrested in mid-September, told investigators he joined the operation in exchange for five million won from the alleged mastermind.

Police have detained 13 individuals, most of them South Korean nationals, in connection with the breach and have placed five under formal arrest. The group is believed to have played various supporting roles in the execution of the illicit payment scheme.

Despite identifying the suspect, investigators anticipate significant challenges in securing his capture and extradition. Authorities noted that cooperation from Chinese security agencies remains uncertain, complicating efforts to bring the alleged organizer of the breach into custody.