South Korea's Nuclear Research agency breached using VPN flaw
2021-06-19 17:59

South Korea's 'Korea Atomic Energy Research Institute' disclosed yesterday that their internal networks were hacked last month by North Korean threat actors using a VPN vulnerability.

The Korea Atomic Energy Research Institute, or KAERI, is the government-sponsored institute for the research and application of nuclear power in South Korea.

KAERI states the attack took place on June 14th after North Korean threat actors breached their internal network using a VPN vulnerability.

Access logs show that thirteen different unauthorized IP addresses gained access to the internal network through the VPN. One of these IP addresses is linked to a North Korean state-sponsored hacking group known as 'Kimsuky' that is believed to work under the North Korean Reconnaissance General Bureau intelligence agency.

More recently, Malwarebytes has issued a report on how Kimsuky has been actively targeting the South Korean government using the 'AppleSeed' backdoor in phishing attacks.

"One of the lures used by Kimsuky named "외교부 2021-05-07" in Korean language translates to "Ministry of Foreign Affairs Edition 2021-05-07" which indicates that it has been designed to target the Ministry of Foreign Affairs of South Korea," explains Malwarebytes' report on the threat actor's recent activities.


News URL

https://www.bleepingcomputer.com/news/security/south-koreas-nuclear-research-agency-breached-using-vpn-flaw/