
The South Korean Atomic Research Facility Hack

Spoiler Alert: It was North Korea

By Brandy Enn · Published 3 years ago · 3 min read

South Korea’s government-funded Korea Atomic Energy Research Institute (KAERI) was hacked on May 14, 2021 by North Korean threat actors from the cybercriminal group Kimsuky, according to an announcement by Ha Tae-keung of the parliamentary intelligence committee.

KAERI, located in Daejeon, South Korea, develops nuclear technologies. The hack occurred in May, but it sits uneasily in the minds of those who learn of the situation because the incident was not reported publicly until Friday, June 18, 2021, over a month later. KAERI is quoted as stating the hack was a

“mistake in the response of the working-level staff.”


However, many feel KAERI and the South Korean government tried to hide the breach and did not announce it until word got out by other means.

How it Happened

The hack is strikingly similar to that of the Colonial Pipeline Company in the United States, which occurred just a week prior on May 7, 2021. In the Colonial Pipeline hack, the VPN account used was the result of information from a prior hack being sold on the Dark Web. Colonial never terminated that VPN account, resulting in a costly, almost $5 million ransomware attack orchestrated by threat actors from Darkside, which Colonial Pipeline Company chose to pay. A threat actor is an individual or group of people working to maliciously obtain data and resources in illegal ways online.

KAERI was also exposed through a vulnerability in a VPN account. The attack on KAERI used 13 IP addresses, one of which was linked back to Kimsuky from a prior breach. KAERI blocked all 13 IP addresses and patched its security systems to lessen the chance of another VPN vulnerability being exploited.

VPN


A VPN, or Virtual Private Network, works as a middleman between you and the internet. It creates an encrypted blind spot that is meant to keep you, your IP address, and your data safe. However, it is also a favorite route of entry for hackers, as it masks your physical location. It can also be used to access content on websites that is only available in certain geographical locations. Kimsuky was identified because the IP addresses used could be seen once they were connected to KAERI’s network. VPNs are heavily relied upon at the moment by most companies (especially in the age of work-from-home during the pandemic), but may need a heavy overhaul to make them more secure amid privacy concerns from multiple major companies and government agencies.

Kimsuky


Kimsuky is well known in South Korea for having operated and actively attempted to infiltrate think tanks (research institutes holding some of the country’s most closely guarded information) since 2012. The group uses technology called AppleSeed to intrude into South Korean Windows operating systems.

It is known that Kimsuky has ties to North Korean government officials such as the North Korean Reconnaissance General Bureau (similar to the Central Intelligence Agency in the US), and it is suspected that the group targets nuclear development centers to find a solution to North Korea’s electric power shortage crisis.

According to The Hacker News, Kimsuky recently went after other agencies. These included the

“Ministry of Foreign Affairs, Ambassador of the Embassy of Sri Lanka to the State, International Atomic Energy Agency (IAEA) Nuclear Security Officer, and the Deputy Consul General at Korean Consulate General in Hong Kong.”

As of June 1, 2021, Kimsuky has still been found to be actively trying to hack into South Korean think tanks. For more information on North Korean hacking, this is an excellent article.

Sources and Resources:

https://thehackernews.com/2021/06/north-korea-exploited-vpn-flaw-to-hack.html

https://abcnews.go.com/International/north-korea-attempted-hack-south-koreas-nuclear-tank/story?id=78372452

https://analyticsindiamag.com/are-vpns-as-safe-as-we-thought/

https://www.newyorker.com/magazine/2021/04/26/the-incredible-rise-of-north-koreas-hacking-army

https://malpedia.caad.fkie.fraunhofer.de/actor/kimsuky

https://medium.com/@brittnunez/the-colonial-pipeline-hack-timeline-and-how-ransom-funds-were-retrieved-887c2de214a0

Originally posted on Medium at https://medium.com/@brittnunez/the-south-korean-atomic-research-facility-hack-e189cc8f7692
