[BreachExchange] 'North Korea hacked into South Korean nuclear energy institute'

Sophia Kingsbury sophia.kingsbury at riskbasedsecurity.com
Fri Jun 18 11:41:15 EDT 2021


https://www.koreatimes.co.kr/www/nation/2021/06/103_310722.html

South Korea's state-run institute dealing with nuclear-related technology
was the target of an attack by a group of North Korean hackers, main
opposition People Power Party lawmaker Ha Tae-keung said Friday.

According to the lawmaker, 13 unauthorized IP addresses accessed the
intranet system of the Korea Atomic Energy Research Institute, May 14.

IssueMakersLab, a Seoul-based group of malware analysts, tracked the IP
addresses and found some of them were linked to the server of "kimsuky,"
which is believed to be a state-backed North Korean hacking group, Ha said.

The cyber espionage group has been detected in previous hacking attacks
targeting South Korean government organizations and is believed to have
attempted to gain access to the cyber networks of global companies
developing COVID-19 vaccines last year.

Ha also said some of the IP addresses used the email ID of Moon Chung-in,
former foreign and security affairs adviser to President Moon Jae-in. The
former adviser's email addresses were hacked in 2018.

"If the state's key technologies on nuclear energy have been leaked to
North Korea, it could be the country's biggest security breach, almost the
same level as a hacking attack by the North into the defense ministry in
2016," the lawmaker said in a press briefing at the National Assembly.

He said the institute initially told him there was no hacking incident,
claiming it attempted to cover up the case.

In response to Ha's claim, the institute admitted to the hacking attack,
but said an investigation is taking place to see if North Korea was really
behind it, what information the hackers tried to access, and whether the
hackers really stole any information from the institute.

The National Intelligence Service also said it is investigating the case
with relevant government organizations.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20210618/742a8c7f/attachment.html>


More information about the BreachExchange mailing list