Security News > 2021 > June > South Korea’s nuclear research agency breached by North Korea-affiliated cyberattackers, says malware analyst group
South Korean officials have admitted that government nuclear think tank Korea Atomic Energy Research Institute was hacked in May 2021 by North Korea's Kimsuky group.
Malware analyst group IssueMakersLab said in a report that it detected an attack on KAERI on May 14th. The attack saw incoming heat from 13 internet addresses, of which one was traceable to Kimsuky.
According to the US Cybersecurity and Infrastructure Security Agency, the group is believed to be a North Korean global intelligence gathering mission, operating since 2012.
The group - which also goes by Velvet Chollima, Black Banshee, and Thallium - is believed responsible for numerous malware attacks, and in the past has targeted South Korean COVID-19 vaccine researchers and nuclear reactors.
South Korean news agency Yonhap has reported that the KAERI network was breached using an email address from President Moon Jae-in's former advisor, Moon Chung-in, that was acquired during a 2018 Kimsuky-attributed cyberattack.
Earlier this month, Malwarebytes reported a number of attacks on South Korean universities, government officials, and companies in South Korea, and attributed them to Kimsuky.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/06/21/south_koreas_nuclear_think_tank/
Related news
- South Korea Fines Meta $15.67M for Illegally Sharing Sensitive User Data with Advertisers (source)
- Officials warn of Russia's tech-for-troops deal with North Korea amid Ukraine conflict (source)
- US charges Phobos ransomware admin after South Korea extradition (source)
- North Korea's fake IT worker scam hauled in at least $88M over six years (source)
- Lazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware (source)