- South Korea’s ‘Korea Atomic Energy Research Institute’ disclosed yesterday that their internal networks were hacked last month by North Korean threat actors using a VPN vulnerability.
- KAERI states that they have updated the undisclosed VPN device to fix the vulnerability. However, access logs show that thirteen different unauthorized IP addresses gained access to the internal network through the VPN.
- One of these IP addresses is linked to a North Korean state-sponsored hacking group known as ‘Kimsuky’ that is believed to work under the North Korean Reconnaissance General Bureau intelligence agency.
- In October 2020, CISA issued an alert on the Kimsuky APT group and stated that they are “likely tasked by the North Korean regime with a global intelligence gathering mission.”
- More recently, Malwarebytes has issued a report on how Kimsuky (aka Thallium, Black Banshee, and Velvet Chollima) has been actively targeting the South Korean government using the ‘AppleSeed’ backdoor in phishing attacks.
– Lawrence Abrams | June 19, 2021