June 6, 2023

South Korea’s state-run Korea Atomic Energy Research Institute (KAERI) disclosed that its internal network was infiltrated by suspected attackers operating out of its northern counterpart.

The intrusion is said to occured on May 14 through a vulnerability in an unnamed VPN vendor and involved a total of 13 IP addresses, one of which “27.102.114[.]89” has been previously linked to a state-sponsored threat actor dubbed Kimsuky.

Following the intrusion, authorities took steps to block the attacker’s IP addresses in question and applied necessary security patches to the vulnerable VPN solution. “Currently, the Atomic Energy Research Institute is investigating the subject of the hacking and the amount of damage,” the entity said in a statement.

The development comes following a report from SISA Journal, which disclosed the breach, alleging that the agency was attempting to cover up the hack by denying such an incident took place. KAERI attributed it to a “mistake in the response of the working-level staff.”Kimsuky (aka Velvet Chollima, Black Banshee, or Thallium) is a North Korean threat actor known for its cyberespionage campaigns targeting think tanks and nuclear power operators in South Korea.

Kimsuky is a North Korean threat actor known for its cyberespionage campaigns targeting think tanks and nuclear power operators in South Korea.

A wave of attacks undertaken by the adversary to strike by installing an Android and Windows backdoor called AppleSeed for amassing valuable information. Researches noted

Prevent Data Breaches

The targeted entities involved the Ministry of Foreign Affairs, Ambassador of the Embassy of Sri Lanka to the State, International Atomic Energy Agency (IAEA) Nuclear Security Officer, and the Deputy Consul General at Korean Consulate General in Hong Kong, with the aforementioned IP address used for C2C

It is not immediately clear what VPN vulnerability was exploited to breach the network. But it’s worth noting that unpatched VPN systems from Pulse Secure, SonicWall, Fortinet FortiOS, and Citrix have been subjected to attacks by multiple threat actors in recent years.

Tags:

1 thought on “North Korea Exploits South Korea

  1. Pingback: Gold Dragon Backdoor - TheCyberThrone

Leave a Reply

Related Post

Kaseya gets the Decryptor

Kaseya gets the Decryptor

July 23, 2021
Saudi Aramco Data Breach

Saudi Aramco Data Breach

July 20, 2021

You may have missed

Moveit Attributed to Lace Tempest

Moveit Attributed to Lace Tempest

June 6, 2023
Byte Code Bites PYPI

Byte Code Bites PYPI

June 5, 2023
Enzo Biochem Suffers a Data Breach

Enzo Biochem Suffers a Data Breach

June 5, 2023
BlackSuit Ransomware Dissection

BlackSuit Ransomware Dissection

June 4, 2023
TheCyberThrone CyberSecurity Newsletter Top 5 Articles – May, 2023

TheCyberThrone CyberSecurity Newsletter Top 5 Articles – May, 2023

June 4, 2023
Cisco buys Armorblox

Cisco buys Armorblox

June 3, 2023
%d bloggers like this: