
South Korean Nuclear Research Agency Targeted by APT Group

Kimsuky, a North Korea-linked APT group, is believed to have breached South Korea’s atomic research agency. The targeted agency is identified as Korea Atomic Energy Research Institute (KAERI). The APT group had breached the internal network by exploiting a VPN vulnerability.

What has happened?

The security breach first took place on May 14 and the research agency spotted it on May 31. The research agency informed the government about the breach and launched an investigation.
  • According to KAERI, unknown outsiders accessed systems by exploiting a vulnerability in the VPN system. The attacker’s IP address has since been blocked and an update to the VPN system has been applied.
  • South Korean authorities did not reveal which VPN vendor was targeted by the attackers. The VPN server vendor was redacted in documents shown at a KAERI press conference.
  • Further, the investigation identified 13 internet addresses involved in the intrusion, one of which was traced back to the Kimsuky APT group.

Kimsuky APT group

Kimsuky is believed to work under the North Korean Reconnaissance General Bureau intelligence agency and is known to carry out global intelligence-gathering missions. The group was first spotted by Kaspersky researchers in 2013. Last October, the US-CERT issued a report on Kimsuky’s recent activities that provided information on its TTPs and infrastructure.
  • A month ago, researchers issued a report on the group’s operations targeting the South Korean government. It was observed conducting spear-phishing attacks to deliver the AppleSeed backdoor.
  • Kimsuky is known to target multiple organizations and think tanks based in South Korea. In addition, other victims were mostly discovered in the U.S. and Europe.

Conclusion

Even though the North Korean APT group is suspected to be behind the recent attack on KAERI, an official leading the investigation found no concrete evidence to link the intrusion to North Korea. Moreover, nuclear energy and arms-related organizations are under attack from several other APT groups across the globe. Such organizations are advised to tighten their security to avoid similar cyber incidents.

Cyware Publisher
