South Korea nuclear secrets exposed via VPN vulnerability

scammers
(Image credit: Shutterstock / Brazhyk)

A South Korean Government-sponsored institute for the research and application of nuclear power has acknowledged its network was infiltrated using an undisclosed VPN vulnerability.

The Korea Atomic Energy Research Institute (KAERI) pinned last month’s attack on state-sponsored threat actors from North Korea, having initially acknowledged, and then denied being attacked.

Now, the institute has once again changed its position, having not only now officially confirmed the attack, but has also apologized for initially attempting to cover up the breach.

Undisclosed vulnerability

In press statements, KAERI states that on June 14, North Korean threat actors breached its internal network using a VPN vulnerability, without sharing any other details.

Analyzing these access logs revealed that thirteen different unauthorized IP addresses gained access to KAERI’s internal network by exploiting the VPN vulnerability. The institute reportedly claims that it has now updated the breached VPN device to patch the vulnerability. 

As per reports, KAERI claims that one of the unauthorized IP addresses belongs to the hacking group called Kimsuky, which is thought to work under the aegis of the North Korean Reconnaissance General Bureau intelligence agency.

Bleeping Computer shares that Kimsuky has been on the radar of american law enforcement agencies as well, with the Cybersecurity and Infrastructure Security Agency (CISA) issuing an alert on Kimsuky’s purported “global intelligence gathering” mandate.

The confirmation of the breach once again highlights the importance for small and midsize businesses (SMBs) to keep all their Internet-facing devices such as routers updated. They should in fact frame and implement guidelines to immediately review and install any security updates for all such publicly exposed devices.

Via BleepingComputer

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.