A few weeks ago, a group of threat actors sponsored by the North Korean government reportedly compromised the networks of the South Korean Atomic Energy Research Institute. In this regard, a member of the South Korean political opposition claims that at least 13 unauthorized IP addresses accessed the internal networks of the affected organization.
Ha Tae-keung, of the People’s Power Party, mentions that some of the IP addresses detected are linked to Kimsuky, a sophisticated group of North Korean hackers: “This could be the biggest security breach detected in the country, much more serious than the incident that affected the Defense Ministry a few years ago,” the politician adds.
A report by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) notes that Kimsuky is an advanced hacking group that collaborates with the North Korean government to deploy information and intelligence gathering tasks, especially focused on foreign policy and national security.
Prior to this incident, an expert reported that this group was trying to install malware inside some documents sent to members of this nuclear research agency through a sophisticated phishing campaign. It should be recalled that Kimsuky’s most notorious attack was detected in 2014 and impacted nuclear services and development company Korea Hydro & Nuclear Power.
The organization issued a statement mentioning that threat actors accessed some areas of its IT infrastructure through the abuse of some security flaws in its VPN solutions. To prevent subsequent attacks, the institute blocked its IP and updated its networks in order to prevent the flaws from being exploited again.
This isn’t the only similar incident detected recently. On Sunday, local media claimed that Daewoo Shipbuilding & Marine Engineering, a supplier of ships and submarines to the South Korean military, had suffered multiple cyberattacks over the past year, which continues to generate undesirable consequences.
The Defense Acquisition Program Administration confirmed that there were attempts at hacking attacks against Daewoo last year, though they rule out that these incidents are related to North Korean hacker activity.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
The post North Korean hackers attack nuclear development institute appeared first on Information Security Newspaper | Hacking News.