The Korea Atomic Energy Research Institute (KAERI) in Daejeon, South Korea revealed last week that malicious actors from North Korea managed to break through their security by means of a VPN vulnerability.
Cybersecurity firm IssueMakersLab in Seoul determined that one of thirteen unauthorized IP addresses involved in the breach dated May 14 belonged to Kimsuky, a North Korean group that has targeted South Korean assets in the past to gather top-secret information.
- VPN: What is it and why do you need one?
- A hacked or data-breached company is no laughing matter
The group is believed to be working for the North Korean Reconnaissance General Bureau intelligence agency. The group also previously targeted pharmaceutical firms for COVID-19 vaccine information.
As a think tank on nuclear power research and development, KAERI is a prime target for espionage. Ha Tae-keung, a member of South Korea’s parliamentary intelligence committee, believes the attack could lead to dire security risks if the hackers successfully stole core information.
In a statement, KAERI said they already fixed the VPN vulnerability and upgraded its security measures.