South Korea’s nuclear research agency, KAERI, hacked using VPN flaw

Last month, South Korea’s Korea Atomic Energy Research Institute (KAERI) claimed that North Korean threat actors used a VPN vulnerability to breach their internal networks.

The Korea Atomic Energy Research Institute, or KAERI, is a government-sponsored institute in South Korea that conducts nuclear energy research and applications.

The hack was first reported earlier this month by the Sisa Journal, a South Korean news outlet.

At the time, KAERI initially confirmed and then denied that the attack had taken place.

KAERI has now officially verified the attack and apologized for attempting to hide the event.

According to KAERI, the incident took place on May 14th when North Korean threat actors exploited a VPN weakness to access their internal network.

To address the issue, KAERI has upgraded the unnamed VPN equipment. However, according to access logs, the VPN allowed thirteen different illegitimate IP addresses to access the internal network.

One of these IP addresses is tied to a North Korean state-sponsored hacking group known as ‘Kimsuky,’ which is part of the North Korean intelligence agency, the Reconnaissance General Bureau.

Since KAERI is the country’s largest think tank researching nuclear technology, including reactors and fuel rods, the incident might pose major security threats if any sensitive information was leaked to North Korea.

According to a KAERI spokesperson, the threat actors gained access to the institute’s network by exploiting a vulnerability in a virtual private network server.

They examined the history of unauthorized access to several systems through the VPN system’s vulnerabilities.

As a result, the attacker’s IP address has been blocked and the VPN system security update has been installed.

The Atomic Energy Research Institute is currently looking into the breach and the extent of the damage.

The South Korean authorities, however, did not say which VPN vendor was targeted by the threat actors.

Kimsuky (aka Black Banshee, Thallium, Velvet Chollima) is a hacking group linked to North Korea that was originally discovered by Kaspersky researchers in 2013.

Malwarebytes recently published research detailing how Kimsuky was aggressively targeting the South Korean government through phishing attacks using the ‘AppleSeed’ backdoor.