Typically when you hear of news surrounding North Korea, it's not going to be good news. And that remains the case with this story today.
The South Korean Atomic Energy Research Institute (KAERI) recently confirmed that its internal servers had been breached and they suspect a North Korean hacking group to be the culprit.
Here are comments from KAERI on the incident:
"It has been confirmed that a hacking accident occurred at the Korea Atomic Energy Research Institute, and the government authorities are currently investigating.
Currently, the researcher's own investigation into the hacking incident is in progress, and analysis is coming out that it is the work of a North Korean hacking group.
In this process, the researcher even made a move to cover up the hacking."
South Korea Atomic Energy Research Institute hacked
North Korea has a long-standing and persistent interest in atomic energy, specifically nuclear weapon technology.
In 2019, three hacking groups were sanctioned by the U.S. Treasury Department for attempting to steal funds to siphon back into its controversial nuclear weapons program.
This recent attack on KAERI occurred through a vulnerability in the organization's VPN.
In total, 13 different IP addresses were observed to have accessed internal servers through this vulnerability. One of these addresses has been linked to North Korean cyber espionage group Kimsuky.
Here is how KAERI describes the attack:
"The Korea Atomic Energy Research Institute checked the history of access to some systems by an unidentified outsider through the VPN system vulnerability.
In accordance with this, the attacker IP is blocked and the VPN system security update is applied.
Currently, the Atomic Energy Research Institute is investigating the subject of the hacking and the amount of damage, etc., in conjunction with related organizations."
When first asked about the incident, the Institute said there were no security concerns. Now, it is apologizing for its initial comment.
"The statement that 'there was no hacking incident' was a mistake in the response of the working-level staff, which occurred in a situation where damage was not confirmed during investigation due to suspected infringement."
Check back at the SecureWorld News page for updates on the situation.
