Home > Attacks & Data Breaches > South Korea’s Atomic Energy Research Institute Breached By North Korea

South Korea’s Atomic Energy Research Institute Breached By North Korea

June 20, 2021
CIM Team

South Korea’s ‘Korea Atomic Energy Research Institute (KEPI) said that their networks were attacked by North Korean hackers using a VPN vulnerability.
KAERI is a government-affiliated institute that carries out research related to nuclear energy in South Korea.
The attack was first reported by South Korea’s Sisa Journal media outlet.
After initially confirming the attack, KAERI then denied that the attack ever took place. In the statement issued yesterday, the institute apologized for trying to conceal the incident.
According to the company, the attack took place on June 14, 2018, after North Korean threat actors exploited a VPN vulnerability in their network. They have fixed the issue and updated the device to prevent unauthorized access. The issue allowed 13 different IP addresses to gain unauthorized access to the network.
One of the IP addresses is linked to a North Korean group known as Kimsuky that works for a North Korean intelligence agency.
In October 2020, the CISA stated that the Kimsuky group (aka Thallium, Black Banshee, and Velvet Chollima) is most likely tasked with gathering intel for the North Korean regime. According to Malwarebytes, Kimsuky and other groups associated with the Korean Resistance have been targeting the South Korean Government using the AppleSeed backdoor.
“One of the lures used by Kimsuky named “외교부 가판 2021-05-07” in Korean language translates to “Ministry of Foreign Affairs Edition 2021-05-07” which indicates that it has been designed to target the Ministry of Foreign Affairs of South Korea,” explains Malwarebytes’ report. “According to our collected data, we have identified that it is one entity of high interest for Kimsuky.”
Malwarebytes states that Kimsuky has targeted other South Korean government agencies in recent phishing attacks, including:
Ministry of Foreign Affairs, Republic of Korea 1st Secretary
Ministry of Foreign Affairs, Republic of Korea 2nd Secretary
Trade Minister
Deputy Consul General at Korean Consulate General in Hong Kong
International Atomic Energy Agency (IAEA) Nuclear Security Officer
Ambassador of the Embassy of Sri Lanka to the State
Ministry of Foreign Affairs and Trade counselor
According to KAERI, they are still investigating the incident to confirm what information was accessed.

About the author

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Functional

Performance

Analytics

Others

South Korea’s Atomic Energy Research Institute Breached By North Korea

About the author

CIM Team

Share:

Related ARTICLES

CaTEGORIES

Quick Nav

South Korea’s Atomic Energy Research Institute Breached By North Korea

About the author

CIM Team

Share:

Related ARTICLES

Weekly Cyber Threat Report, May 22-26, 2023

Devastating DDoS Attacks Launched Against Gaming Industry by Dark Frost Botnet

Israeli Logistics Sector Attacked by Iranian Tortoiseshell Hackers

GoldenJackal: New Threat Gang Attacking South Asian And Middle Eastern Governments

CaTEGORIES

Quick Nav