The South Korean Atomic Energy Research Institute (KAERI) has confirmed it was the victim of a cyberattack. In a statement, South Korea's state-run nuclear research institute said that a third party gained access to its computer systems using a VPN vulnerability.
The breach came to light earlier this month when South Korean lawmaker Ha Tae-keung revealed that KAERI’s internal systems were breached by a North Korean hacking group known as Kimsuky. The think tank initially denied the claims, but later officially confirmed the attack and apologized for an attempt to cover up the incident.
According to a KAERI spokesperson, the hack took place on May 14 and involved a vulnerability in a virtual private network (VPN) server. Unauthorized access was made from 13 IPs, some of which were linked to attack infrastructure used by Kimsuky (aka Black Banshee, Velvet Chollima, and Thallium), a North Korea-linked cyber-espionage group with a history of targeting South Korean think tanks, industry, and nuclear power operators. In recent years Kimsuky, believed to have been active since at least 2012, has expanded its operations to include states such as Russia, the United States, and European nations.
KAERI did not reveal which VPN vendor was targeted by the threat actors but said that the affected VPN device was updated to fix the vulnerability.
“Currently, the Atomic Energy Research Institute is investigating the subject of the hacking and the amount of damage,” the institute said.