Virtual Private Network (VPN) applications that are meant to secure user privacy online are becoming an entry point for intrusions. Threat actors often exploit unpatched vulnerabilities in VPN devices. Recently, South Korea’s state-run Korea Atomic Energy Research Institute (KAERI) revealed that attackers exploited an unpatched VPN system vulnerability to reach its internal network systems, with unauthorized parties accessing the systems from 13 external IP addresses.
“The Korea Atomic Energy Research Institute checked the history of access to some systems by an unidentified outsider through the VPN system vulnerability. The attacker’s IP is blocked, and the VPN system security update is applied. Currently, the Atomic Energy Research Institute is investigating the subject of the hacking and the amount of damage, etc., in conjunction with related organizations,” KAERI said.
Korea Atomic Energy Research Institute in Denial
The intrusion occurred on May 14, but KAERI tried to cover up the damage by not revealing it. The incident came to light after Sisa Journal reported it. It’s claimed that KAERI initially stated that it did not suffer any cyberattack, but finally confessed when asked about the facts.
“The statement that ‘there was no hacking incident’ was a mistake in the response of the working-level staff, which occurred in a situation where damage was not confirmed during the investigation due to suspected infringement. The Korea Atomic Energy Research Institute apologizes for causing concern to the public due to this hacking accident,” KAERI added.
Commenting on the incident, Assemblyman Ha Tae-Kyung said, “The Ministry of Science, ICT and Future Planning and the Atomic Energy Research Institute all made a false report saying ‘there was no hacking accident’, but when asked about the specific facts, they finally confessed. It is a place that researches and develops key national source technologies such as rods, and the crime of trying to deceive the people by concealing such an important fact (hacking) with a brazen lie is greater.”
North Korea – the Primary Suspect
While the attackers behind the intrusion are unknown, KAERI suspects that it is an act of North Korean state-sponsored hackers. “Currently, the researchers’ investigation into the hacking incident is in progress, and analysis is coming out that it is the work of a North Korean hacking group,” KAERI said.
It is not the first time that South Korea has suffered security incidents at the hands of its northern counterpart. In the recent past, South Korea accused the state-sponsored North Korean threat actor group APT37 of using the RokRAT Trojan in a new wave of cyber operations targeted against the South Korean government. The North Korean state actors were also accused of launching a cyberattack against COVID-19 vaccine maker Pfizer.