N Korean hackers used VPN flaws to breach S Korean atomic agency

N Korean hackers used VPN flaws to breach S Korean atomic agency

Korea Atomic Energy Research Institute (KAERI), which is a government-owned organization in South Korea, has disclosed that its internal network was targeted by cybercriminals possibly operating from North Korea.


The KAERI is a Seoul-funded research institute established in 1959. It is located in Daejeon and is responsible for designing and developing nuclear technologies for fuel rods, reactors, radiation fusion, and nuclear safety.


It is reported that the organization was targeted by hackers in May, due to which Pyongyang might have acquired valuable technologies.


Attack Detected in Mid-May


According to KoreaDaily, the attack was detected on 14 May. The attackers’ IP addresses were linked to Kimsuky hacking unit, which is associated with North Korea‘s Reconnaissance General Bureau.


For your information, Kimsuky is also known as Black Banshee, Velvet Chollima, and Thallium. It is a North Korean threat group known for cyberespionage campaigns against South Korean think tanks and nuclear power operators. In March 2015, Kimsuky operators were also blamed for hacking South Korean nuclear plants and sensitive data leaks.

About the Attack


Reportedly, the attackers exploited a vulnerability present in an unidentified VPN (virtual private network) vendor. As many as 13 IP addresses linked to the attackers were identified, including 27.102.114[.]89, which was previously linked to Kimsuky state-sponsored hacking group.





Image source: KAERI



Afte ..

Support the originator by clicking the read the rest link below.