South Korea's Nuclear Research agency hacked using VPN flaw
South Korea's 'Korea Atomic Energy Research Institute' disclosed yesterday that their internal networks were hacked last month by North Korean threat actors using a VPN vulnerability.
The Korea Atomic Energy Research Institute, or KAERI, is the governement-sponsored institute for the research and application of nuclear power in South Korea.
The breach was first reported earlier this month when South Korean media Sisa Journal began covering the attack. At the time, KAERI initially confirmed and then denied that the attack occurred.
In a statement and press conference held yesterday by KAERI, the institute has officially confirmed the attack and apologized for attempting to cover up the incident.
KAERI states the attack took place on June 14th after North Korean threat actors breached their internal network using a VPN vulnerability.
KAERI states that they have updated the undisclosed VPN device to fix the vulnerability. However, access logs show that thirteen different unauthorized IP addresses gained access to the internal network through the VPN.
