South Korea's KAERI Internal Networks Hacked, Kimsuky Reportedly Behind the Cyberattack
The Korea Atomic Energy Research Institute (KAERI) revealed on Friday the 18th that its networks had come under cyberattack, carried out mostly by North Korean intelligence spies who broke in through a weakened virtual private network (VPN).
The breach first occurred on May 14, but the institute denied the attack even though Sisa Journal had reported it.
Later, at a meeting held on Friday, KAERI officially disclosed the attack and expressed regret for having denied it.
KAERI is a government-subsidized institute focused on the development of Korea. It carries out research and studies related to nuclear power and nuclear projects in its home country, South Korea.
KAERI said the cyberattack occurred on June 14, 2021, when North Korean hackers used unethical means to obtain personal information and attacked the networks. Thirteen unauthorized IP addresses got into the network through the weakened VPN. One of those 13 IP addresses belonged to a group named Kimsuky, known for its cyberattacks and for keeping a close eye on South Korea's nuclear operations. The group is state-financed and works on gathering information related to missions carried out by other countries, especially South Korea. It is closely associated with North Korea's Reconnaissance General Bureau intelligence agency.
CISA has also described how the group collects personal and private information and gathers information related to intelligence projects carried out by other countries.
Malwarebytes, an anti-malware software company, recently issued a report on Kimsuky's unethical activities. The group has been targeting the South Korean government.
Kimsuky is also known as Thallium, Black Banshee, and Velvet Chollima.
The report published by Malwarebytes also describes how Kimsuky uses lures like “외교부 가판 2021-05-07”, a Korean phrase that translates to “Ministry of Foreign Affairs Edition 2021-05-07”. This shows how the group creates certain plans and codes and uses them to obtain personal details from prestigious organizations like the Ministry of Foreign Affairs.
Malwarebytes also notes that the Ministry of Foreign Affairs has been an organization Kimsuky is keen to spy on.
Malwarebytes also claimed that Kimsuky has been collecting information from other well-known organizations and bodies and uses that information to serve its own country, North Korea.
KAERI is still trying to identify those 13 IP addresses and analyze the information gathered through them.
Many other North Korean groups similar to Kimsuky have taken a keen interest in South Korea's internal affairs, such as its nuclear projects and nuclear power, as North Korea itself has been working on many nuclear projects.
Kimsuky has also been found responsible for embedding malware in documents about South Korea's response to COVID-19. The infamous Kimsuky attack of 2014 was made against Korea Hydro & Nuclear Power, South Korea's nuclear and hydroelectric utility.
The main reason the networks were hacked was a weakened VPN. The institute therefore proceeded with cutting off the IP and then updating the system itself. It is still investigating the damage done and how much data has been lost to the hackers.
There have been many reports of cyberattacks from North Korea on various South Korean businesses. One of them, Daewoo Shipbuilding & Marine Engineering, has faced several attacks, and the group behind them was claimed to be from North Korea. The claims were strongly denied by North Korea's defense, yet the truth has still to be unveiled and the accusations from the opposing party remain intact.