North Korean hackers breach South Korea’s atomic research agency through VPN bug
South Korean officials said on Friday that hackers believed to be operating out of North Korea breached the internal network of the South Korean Atomic Energy Research Institute (KAERI), the government organization that conducts research on nuclear power and nuclear fuel technology.
In a press conference, a KAERI spokesperson said the intrusion took place last month on May 14, through a vulnerability in a virtual private network (VPN) server.
The name of the VPN server vendor was redacted in documents presented to South Korean press today at a KAERI press conference.
KAERI held a press conference today after news of the hack leaked to reporters earlier this month, and the agency came under criticism for initially denying the intrusion.
News of Kimsuky’s KAERI hack comes after security firm Malwarebytes published a report at the start of the month exposing a Kimsuky spear-phishing campaign that targeted several South Korean government entities, but also the nuclear security officer for the International Atomic Energy Agency (IAEA), a UN organization tasked with nuclear regulations and cooperation.
All North Korean cyber-espionage groups, not just Kimsuky, have all been historically interested in nuclear energy and nuclear arms-related targets, primarily due to the country’s controversial nuclear weapons program.
/https://public-media.si-cdn.com/filer/9f/61/9f610676-9962-4627-ae89-bf59fc6cb735/lod_mosaic_lower_register_web.jpg)
