Seventy-five corporate leaders and executives were among the targets as South Korean police worked with Thai authorities and Interpol to arrest and repatriate a ringleader from a Bangkok hideout.
The Seoul Metropolitan Police Agency. File. Photo by Asia Today
South Korean police said Thursday they have effectively dismantled a hacking ring accused of targeting celebrities and wealthy individuals, including BTS member Jungkook and corporate leaders, through cloned SIM cards and illegally opened mobile phone accounts.
The Seoul Metropolitan Police Agency’s cyber investigation unit said a Chinese national identified only as A, accused of leading the group, will be referred to prosecutors Friday while in custody on 18 charges, including violations of the Act on the Aggravated Punishment of Specific Economic Crimes.
Police plan to refer two alleged ringleaders and 32 members of the organization to prosecutors.
The group is accused of stealing financial assets from prominent figures and wealthy individuals between May 2022 and April 2025 by cloning SIM cards or opening mobile phone accounts under victims’ names. Police said the group targeted people who were in prison, serving in the military or otherwise unable to quickly detect or respond to the crimes.
Investigators found the group stole personal and financial information from 271 people. Thirteen people were victims of SIM cloning, while 258 were affected by fraudulent SIM activations. Of them, 28 suffered actual or attempted financial losses.
The total damage reached 73.4 billion won, or about $48.7 million, including 25 billion won, or about $16.6 million, in attempted theft.
Among the targets were 75 corporate figures, including 70 chairmen, CEOs and presidents and five executives. Twenty-two were connected to South Korea’s top 100 business groups.
The victims also included 11 politicians, legal professionals and government officials, 12 entertainers and influencers, six athletes, 28 cryptocurrency investors and eight self-employed people.
Among 21 people who suffered actual financial losses were 10 corporate leaders or executives, three entertainers or influencers and three cryptocurrency investors. Seven others, including four corporate leaders and two cryptocurrency investors, were targeted in attempted crimes.
Police described the case as a sophisticated new form of cybercrime that undermined identity verification systems and telecommunications infrastructure. They said freely cloning victims’ SIM cards or opening new SIM accounts to bypass security systems was rare even by global standards.
In the early stages, the organization used victims’ personal information to create so-called “twin SIM cards,” allowing them to intercept text message verification codes and one-time passwords sent to the victims.
After that method was blocked, investigators said the group exploited security gaps in online SIM activation websites to open new mobile phone accounts under victims’ names. Existing identity verification tools, including digital certificates and i-PIN authentication, were also bypassed.
Victims’ bank accounts and cryptocurrency exchange accounts then became targets for theft.
Police said they worked with Thai police and Interpol Korea last year to arrest another alleged ringleader, identified as B, at a hideout in Bangkok and bring him back to South Korea. A, who was with B at the time, was detained locally on charges of illegal stay.
After forensic analysis of evidence seized at the scene, police found A was not a minor accomplice but a co-ringleader of the fraudulent SIM activation operation. A was later brought back to South Korea in May.
Police said they wrapped up the case after a nearly four-year investigation. They also issued an Interpol purple notice to share the group’s methods and prevention information with law enforcement agencies worldwide.
— Reported by Asia Today; translated by UPI
© Asia Today. Unauthorized reproduction or redistribution prohibited.
Original Korean report: https://www.asiatoday.co.kr/kn/view.php?key=20260521010006315
