The Korea Atomic Energy Research Institute (KAERI) in Daejeon, South Korea revealed last week that malicious actors from North Korea managed to break through their security by means of a VPN vulnerability.
Cybersecurity firm IssueMakersLab in Seoul determined that one of thirteen unauthorized IP addresses involved in the breach dated May 14 belonged to Kimsuky, a North Korean group that has targeted South Korean assets in the past to gather top-secret information.
The group is believed to be working for the North Korean Reconnaissance General Bureau intelligence agency. The group also previously targeted pharmaceutical firms for COVID-19 vaccine information.
As a think tank on nuclear power research and development, KAERI is a prime target for espionage. Ha Tae-keung, a member of South Korea’s parliamentary intelligence committee, believes the attack could lead to dire security risks if the hackers successfully stole core information.
In a statement, KAERI said they already fixed the VPN vulnerability and upgraded its security measures.