Nuclear Research Institute Breached by Suspected North Korean Hackers

A South Korean nuclear power research organization has admitted it’s currently investigating a security breach after reports suggested its neighbor to the north may be responsible.  

Lawmaker Ha Tae-keung, who sits on the parliamentary intelligence committee, cited third-party research attributing the May 14 attack to Pyeongyang-backed APT group Kimsuky.

One of 13 IP addresses used to attack the Korea Atomic Energy Research Institute (KAERI) was traced back to the group, which has been in operation since around 2012, according to Reuters.

“The incident could pose serious security risks if any core information was leaked to North Korea, as KAERI is the country's largest think tank studying nuclear technology including reactors and fuel rods,” Ha reportedly said in a statement.

KAERI issued a response on Friday admitting that some systems had been breached by an “unidentified outsider” via a VPN vulnerability. It subsequently blocked the malicious IP address and patched the bug.

“Currently, the Atomic Energy Research Institute is investigating the subject of the hacking and the amount of damage, etc., in conjunction with related organizations,” KAERI added.

The institute said that an earlier statement denying any hacking incident was issued in error, and it apologized for any concern caused to the public by the breach.

North Korea is thought to be well on its way to developing nuclear weapons-grade plutonium after talks led by the US hit a wall in 2019.

According to the US authorities, Kimsuky has been gathering intelligence for the North Korean regime for nearly a decade, focusing on foreign policy and national security issues, including sanctions and nuclear weapons.

In the past, it has been blamed for attacks on organizations including China’s Sejong Institute, the Korea Institute for Defense Analyses (KIDA), and South Korea’s Ministry of Unification.

What’s Hot on Infosecurity Magazine?