A South Korean Government-sponsored institute for the research and application of nuclear power has acknowledged its network was infiltrated using an undisclosed VPN vulnerability.
The Korea Atomic Energy Research Institute (KAERI) pinned last month’s attack on state-sponsored threat actors from North Korea, having initially acknowledged, and then denied being attacked.
Now, the institute has once again changed its position, having not only now officially confirmed the attack, but has also apologized for initially attempting to cover up the breach.
- Here’s our list of the best VPN services
- We’ve also rounded up the best business VPN services
- And, these are the best VPN services for Windows 10
In press statements, KAERI states that on June 14, North Korean threat actors breached its internal network using a VPN vulnerability, without sharing any other details.
Analyzing these access logs revealed that thirteen different unauthorized IP addresses gained access to KAERI’s internal network by exploiting the VPN vulnerability. The institute reportedly claims that it has now updated the breached VPN device to patch the vulnerability.
As per reports, KAERI claims that one of the unauthorized IP addresses belongs to the hacking group called Kimsuky, which is thought to work under the aegis of the North Korean Reconnaissance General Bureau intelligence agency.
Bleeping Computer shares that Kimsuky has been on the radar of american law enforcement agencies as well, with the Cybersecurity and Infrastructure Security Agency (CISA) issuing an alert on Kimsuky’s purported “global intelligence gathering” mandate.
The confirmation of the breach once again highlights the importance for small and midsize businesses (SMBs) to keep all their Internet-facing devices such as routers updated. They should in fact frame and implement guidelines to immediately review and install any security updates for all such publicly exposed devices.
- Also take a look at our roundup of the best VPN services for Mac devices