South Korean officials said that hackers believed to be operating out of North Korea breached the internal network of the South Korean Atomic Energy Research Institute (KAERI), the government organization that conducts research on nuclear power and nuclear fuel technology.
According to Ha Tae-Kyung on June 17, according to the Office of the People’s Power, a hacking attack occurred on the Korea Atomic Energy Research Institute on May 14. Through the vulnerability of the virtual private network (VPN) system, the history of accessing the internal server by an ‘unidentified’ outsider was confirmed.
Specifically, unauthorized access was made from 13 external Internet addresses (IPs). “As soon as we recognized the attack, we took measures to block the attacker’s IP and updated the security system,” the researcher said. “We are currently investigating the specific damage situation.”
In a press conference, a KAERI spokesperson said the intrusion took place last month on May 14, through a vulnerability in a virtual private network (VPN) server. Thirteen different IPs were seen abusing the vulnerability and accessing the organization’s internal network.
One of these IP addresses was linked to attack infrastructure used by Kimsuky, a North Korean cyber-espionage group.
The name of the VPN server vendor was redacted in documents presented to South Korean press today at a KAERI press conference.
North Korean hacking groups are classified into ‘Kim Soo-ki’, ‘Lazarus’, and ‘APT38’. If you analyze the similarity of the hacking codes they use, you can find out which hacking group they are. A cybersecurity expert said, “The pattern characteristically used by the Kim Soo-ki group was also found in the researcher hacking case.”
In a statement and press conference held by KAERI, the institute has officially confirmed the attack and apologized for attempting to cover up the incident.
