For years, South Korea and North Korea have been at loggerheads, with the latter making multiple attempts to cause significant damage to the former. The latest twist in the story, which could have taken an ugly turn if it weren’t for good luck, came to light on Friday, when the Korea Atomic Energy Research Institute (KAERI) in South Korea revealed that it had been the victim of a hack on June 14, orchestrated by threat actors from North Korea. The perpetrators reportedly exploited a VPN vulnerability in the Institute’s system.
Had Denied Reports at First
KAERI is sponsored by the country’s national government and is a prime center for researching nuclear power. It had initially denied reports by South Korean media outlet Sisa Journal, which shed light on the hack earlier this month, but it later decided to address the speculation and confirm the attack.
KAERI held a press conference on Friday and released a statement confirming that government authorities are currently investigating the attack. The statement adds that preliminary probes point towards the involvement of South Korea’s cousin nation. The authority even admits to having tried to cover up the hack.
VPN Vulnerability Proved Costly
The attack on June 14 saw threat actors affiliated with Kim Jong-un-led North Korea infiltrate KAERI’s internal networks by exploiting a VPN vulnerability. The Institute has apparently since fixed the vulnerability by updating the VPN device in question. Even so, as many as thirteen unauthorized IP addresses reportedly gained access to the internal networks through the VPN, according to access logs at the Korea Atomic Energy Research Institute.
One of these unauthorized addresses has been traced back to Kimsuky, a hacking group that the North Korean government apparently funds. It is believed to work under the country’s intelligence agency, the North Korean Reconnaissance General Bureau. The group is “likely tasked by the North Korean regime with a global intelligence-gathering mission,” as per an alert issued by the Certified Information Systems Auditor, or CISA, in 2020.
According to a report issued by Malwarebytes, the South Korean government has recently been under constant phishing attacks at the hands of Kimsuky, mainly using the “AppleSeed” backdoor.
Source: Bleeping Computer