South Korea's Nuclear Research Agency Hacked 06-20-2021, 12:27 AM
#1
A research agency tasked with nuclear energy was recently breached, using a vulnerability related to VPNs. Supposedly North Korea is behind it. Further proof that organizations need to be aware of every application and possible points of entry when running systems.
Read More: https://www.bleepingcomputer.com/news/se...-vpn-flaw/
Quote:South Korea's 'Korea Atomic Energy Research Institute' disclosed yesterday that their internal networks were hacked last month by North Korean threat actors using a VPN vulnerability.
The Korea Atomic Energy Research Institute, or KAERI, is the governement-sponsored institute for the research and application of nuclear power in South Korea.
The breach was first reported earlier this month when South Korean media Sisa Journal began covering the attack. At the time, KAERI initially confirmed and then denied that the attack occurred.
In a statement and press conference held yesterday by KAERI, the institute has officially confirmed the attack and apologized for attempting to cover up the incident
[...]
KAERI states the attack took place on June 14th after North Korean threat actors breached their internal network using a VPN vulnerability.
KAERI states that they have updated the undisclosed VPN device to fix the vulnerability. However, access logs show that thirteen different unauthorized IP addresses gained access to the internal network through the VPN.
One of these IP addresses is linked to a North Korean state-sponsored hacking group known as 'Kimsuky' that is believed to work under the North Korean Reconnaissance General Bureau intelligence agency..
Read More: https://www.bleepingcomputer.com/news/se...-vpn-flaw/
![[Image: fSEZXPs.png]](https://i.imgur.com/fSEZXPs.png)
![[+]](https://sinister.ly/images/modern/collapse_collapsed.png)