---
title: "SK Telecom Breach, Massive Ransomware Outage, Beware AI Links | DMARC Report"
description: "South Korea fines SK Telecom after 33 malware strains hit 28 servers, SafePay ransomware downs Ingram Micro, and Netcraft flags risky ChatGPT brand links."
image: "https://dmarcreport.com/og/blog/sk-telecom-breach-massive-ransomware-outage-beware-ai-links.png"
canonical: "https://dmarcreport.com/blog/sk-telecom-breach-massive-ransomware-outage-beware-ai-links/"
---

Quick Answer

South Korea fined SK Telecom about $21,890 (30 million won) and imposed quarterly audits, free USIM swaps, and no-fee cancellations after a joint probe found 33 malware strains across 28 of its 42,000 servers and faulted the carrier for delayed reporting. Ingram Micro confirmed a SafePay ransomware attack just before July 4, took its site offline, and filed an 8-K, with customers in Germany, France, Italy, and Brazil ordering by email and phone. Netcraft found OpenAI's GPT-4.1 returned the correct brand URL only 66 percent of the time across 50 prompts, alongside about 17,000 AI-generated Gitbook phishing pages impersonating support hubs.


![SK Telecom Breach, Massive Ransomware Outage, Beware AI Links](https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-alignment-6379.jpg) 

![Create dmarc record 6650 150x150](https://media.mailhop.org/dmarcreport/images/2025/07/create-dmarc-record-6650-150x150.jpg) 

> The organizations that invest in email authentication early save themselves from expensive incidents later, says Vasile Diaconu, Operations Lead at DuoCircle. We see the pattern constantly: a domain gets spoofed, customers lose trust, and the remediation effort costs 10x what proactive DMARC setup would have cost.


Hey people! Welcome to July week 2. Here comes our fresh dose of cyber bulletin that will keep you up to date on the latest cyber incidents and will also **help you protect yourself** from potential [cyber scams](https://www.voanews.com/a/un-warns-of-growing-tech-threat-from-southeast-asia-s-cyber-scam-gangs/7813703.html). This week, we will talk about the SK Telecom breach in South Korea that led to penalties being levied. Next, we will focus on the widespread outage at Ingram Micro. Lastly, we will discuss the chances of links shared by ChatGPT and Perplexity being malicious.

So, let’s not waste any more time and start with the detailed bulletin.

## SK Telecom breach leads to penalties and stringent legalities

SK Telecom, a mobile telecommunications service provider in **South Korea**, recently experienced a [data breach](https://www.infosecurity-magazine.com/news/ahold-delhaize-data-breach-2m/). The government has levied a fine on [SK Telecom](https://www.darkreading.com/cyberattacks-data-breaches/south-korea-imposes-penalties-sk-telecom-breach), as it “failed to fulfil its obligations” to offer a [secure communication system](https://spacenews.com/intelsat-secures-first-customer-for-communications-system-aimed-at-border-security/) to its users.

![Dmarc check](https://media.mailhop.org/dmarcreport/images/2025/07/dmarc-check-4678.jpg) 

A joint public-private investigation was conducted across SK Telecom's 42,000 servers. The investigation revealed that 28 of these servers were compromised by 33 distinct malware strains. As a result, the [telecom service provider](https://www.dpstele.com/network-monitoring/telecom/companies.php) will now have to pay USD 21,890 (30 million won). The fine has been imposed because SK Telecom significantly delayed the reporting process after the breach. _Apart from the penalty, the telecom service provider is also required to meet certain stringent legal requirements._ These include conducting quarterly [security assessments](https://www.legitsecurity.com/aspm-knowledge-base/what-are-security-assessment-reports), enabling subscribers to cancel their subscriptions without paying any fine, and offering users a free-of-cost [USIM](https://www.dialogic.com/glossary/universal-subscriber-identity-module-usim) swap service.

Yoo Sang-im, the [Minister of Science and Information and Communication Technology](https://en.wikipedia.org/wiki/Ministry%5Fof%5FScience%5Fand%5FICT), believes that this data breach at the nation’s largest telecom service provider is a staggering reminder of the vulnerability of the telecom industry and related infrastructures to [cyberattacks](https://www.aljazeera.com/news/2025/4/15/china-accuses-us-of-launching-cyberattacks-during-asian-winter-games).

![What is dmarc](https://media.mailhop.org/dmarcreport/images/2025/07/what-is-dmarc-4697.jpg) 

## Ransomware attack responsible for the massive outage at Ingram Micro

[Ingram Micro experienced a ransomware attack](https://www.bleepingcomputer.com/news/security/ingram-micro-outage-caused-by-safepay-ransomware-attack/) on Thursday. The IT distributor had to take down its website. The attack was timed strategically, just before the 4th of July weekend started. Two days later, Ingram informed customers about the ransomware attack.

Ingram took prompt action to secure the entire system and switched it to offline mode. It also implemented remedial measures. Ingram Micro collaborated with a [cybersecurity](https://dmarcreport.com/blog/major-cybersecurity-trends-that-will-reign-in-2024/) company to investigate the attack further and also reported the breach to [law enforcement](https://www.cbsnews.com/news/fourth-of-july-celebrations-law-enforcement-safety/) agencies.

As of now, the IT distributor is “working diligently” to restore the disrupted services. They have also sincerely apologized for the inconvenience caused to the vendors as well as customers.

![Dmarc record generator](https://media.mailhop.org/dmarcreport/images/2025/07/dmarc-record-generator-6671.jpg)

Ingram Micro filed an 8-K form with the [US Securities and Exchange Commission](https://www.reuters.com/business/us-securities-exchange-commission-names-markets-unit-chief-2025-06-13/) on Saturday.

The IT distributor published a dedicated page this Monday to keep all the stakeholders informed about the latest updates around the cyberattack. _They also announced that subscribers can now place orders by email or phone from multiple countries like Germany, France, Italy, Brazil, and so on_.

According to speculation, the ransomware attack was carried out by a group called **SafePay**, but there has been no official confirmation yet. So far, the data from Ingram has not been published on the dark web.

[DMARC](https://dmarcreport.com/), [DKIM](https://dmarcreport.com/what-is-dkim/), and [SPF](https://autospf.com/blog/spf-guide-understanding-sender-policy-framework/) help prevent [phishing and spoofing](https://www.msspalert.com/brief/novel-usps-spoofing-phishing-attack-relies-on-malicious-pdfs), offering vital protection against ransomware threats.

![Dmarc report](https://media.mailhop.org/dmarcreport/images/2025/07/dmarc-report-4597.jpg) 

## Beware of clicking on the links shared by ChatGPT and Perplexity

If you search for anything and everything on ChatGPT and Perplexity, then you have to see this!

Netcraft has published a [report](https://www.timesnownews.com/technology-science/links-shared-by-chatgpt-and-perplexity-could-take-you-to-phishing-scam-campaigns-study-article-152216492) that claims AI tools can actually share malicious links that can redirect you to phishing pages. As per the report, OpenAI GPT-4.1 was asked to share 50 brand links. The AI tool could share only 66% correct links. The rest of the links shared were harmful in nature and could have led users to [phishing scams](https://www.businesswire.com/news/home/20250220627260/en/98-of-Business-Leaders-Cant-Spot-a-Phishing-Scam-Tech.co-Report-Reveals).

The report also mentioned about 17K AI-written Gitbook phishing pages that present themselves as legitimate support hubs. This may convince users to trust the [malicious links](https://www.scworld.com/news/new-usps-text-scam-uses-unique-method-to-hide-malicious-pdf-links) as genuine ones and then fall prey to cyberattacks.

![Dmarc report](https://media.mailhop.org/dmarcreport/images/2025/07/dmarc-report-2277.jpg) 

Perplexity also shared a link to a phishing site when the researchers asked for the URL of Wells Fargo. Netcraft has observed other malpractices as well, and this is exactly why you should trust the [OpenAI CEO](https://www.livemint.com/news/us-news/openai-ceo-sam-altman-mocks-musk-over-trump-split-elon-busts-up-with-everybody-that-s-what-he-does-11752092595058.html). Recently, he said that users must not trust AI tools blindly.
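One way to act on these findings, as an added example that is not from this article or from Netcraft: compare any URL an AI tool suggests for a brand against a list of domains you have pinned yourself before opening it. The pin list, the `check_ai_link` function and the sample URLs in the comments are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed pin list: brand -> domains the organisation itself controls.
# In practice, fill this from bookmarks, a password manager or an asset inventory.
OFFICIAL_DOMAINS = {
    "wells fargo": {"wellsfargo.com"},
}

# Multi-tenant hosts where anyone can publish under a subdomain. The article
# mentions Gitbook-hosted phishing pages posing as support hubs.
SHARED_HOSTING = {"gitbook.io"}


def _under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def check_ai_link(brand, url):
    """Classify an AI-suggested URL for a brand.

    Returns (verdict, reason); verdict is 'match', 'reject' or 'unknown-brand'.
    """
    official = OFFICIAL_DOMAINS.get(brand.strip().lower())
    if official is None:
        return ("unknown-brand", "no pinned domain to compare against")
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return ("reject", "URL does not parse")
    if parts.scheme != "https":
        return ("reject", "not an https URL")
    if parts.username is not None:
        # https://wellsfargo.com@login.example/ really goes to login.example
        return ("reject", "userinfo in URL hides the real host")
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return ("reject", "no hostname")
    try:
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return ("reject", "hostname is not valid IDNA")
    if any(label.startswith("xn--") for label in host.split(".")):
        return ("reject", "punycode label, possible lookalike")
    if any(_under(host, d) for d in SHARED_HOSTING):
        return ("reject", "shared hosting platform, not brand-controlled")
    if any(_under(host, d) for d in official):
        return ("match", "host is a pinned official domain")
    # Catches prefix tricks such as wellsfargo.com.account-help.example
    return ("reject", "host is not on the pinned list")
```

A `match` only says the host belongs to a domain you pinned; it says nothing about URLs for brands you have not pinned, which come back as `unknown-brand`.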

Sophisticated campaigns are being run by [threat actors](https://cybersecuritynews.com/threat-actors-targeting-local-communities-in-the-u-s/) to “poison” [AI coding](https://www.ibm.com/think/topics/ai-code-generation) assistants. Some of the [cybercrooks](https://wtop.com/local/2025/04/cyber-crooks-scam-dc-md-and-va-out-of-848-million-in-2024/) designed a [malicious API](https://thehackernews.com/2025/02/finaldraft-malware-exploits-microsoft.html) that impersonates the genuine Solana blockchain. Soon, developers mistakenly included it in their projects. _The threat actors thus very cleverly managed to channel all transactions directly to their wallets_.

All these sophisticated tactics by threat actors are a grim reminder that artificial intelligence is not fail-proof. It is important to use AI tools responsibly, or you can end up being scammed by a cyberattacker.


![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead for DMARC Report's 2,000+ customer base.

[LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) 

