In the latest hacker developments, the Korea Atomic Energy Research Institute (KAERI) of South Korea has newly disclosed that its private, internal systems were hacked by suspected North Korean hackers.
Hacking KAERI:
The Korea Atomic Energy Research Institute in Daejeon, South Korea was established in 1959 as the sole professional research-oriented institute for nuclear power in South Korea and is known for its research and development in various fields.
According to KAERI, the malicious actors attacked the research institute’s internal networks on May 14 by exploiting a vulnerability in an unnamed virtual private network (VPN) vendor.
It involved a cumulative total of 13 IP addresses, out of which, one, tracked as “27.102.114[.]89”, has been identified to be a formerly trailed state-sponsored threat actor named ‘Kimsuky’.
Also read,
Kimsuky (also known as Velvet Chollima and Black Banshee) is a North Korean advanced persistent threat group that is active since 2012 and primarily targets South Korean think tanks, industry, nuclear power operators, and the South Korean Ministry of Unification for espionage purposes. In recent years Kimsuky has expanded its operations to include states such as Russia, the United States, and European nations.
Detecting the malicious activity:
When the hacking activity was detected by KAERI, subsequent action was promptly taken to obstruct the malicious actor’s IP address and enforce the required security fixes to the exploitable VPN.
The news of the hacking attack on KAERI stems from a report from the SISO Journal who disclosed the breach.
It was alleged by the security organization that the agency was trying to veil the hacking incident by attributing it as a consequence of a ” mistake in the response of the working-level staff”, hence denying the incident as well.
Details regarding the exploited vulnerability within the VPN of the KAERI network haven’t really been cleared by the research organization.
However, it is to be noted that unpatched VPN systems from Pulse Secure, SonicWall, Fortinet FortiOS, and Citrix have been subjected to attacks by multiple threat actors in recent years.
