The Korea Atomic Energy Research Institute confirmed it was hit by a hack earlier this month. An unauthorized person gained access to the nuclear agency’s systems through a VPN vulnerability. The Kaeri is still investigating what the attackers had access to.
Korean media already wrote about the hack at the nuclear agency last week, but Kaeri initially denied it. The agency has now confirmed with a statement on its site that the hack has indeed taken place. The denial would have been a mistake by an employee.
According to the statement, Kaeri has seen in the logs of its systems that there was unauthorized access on June 14. The attacker would have entered via a VPN vulnerability, but the agency does not say which vulnerability or VPN it is. The Kaeri is South Korea’s national nuclear agency that conducts research into nuclear energy.
After the discovery, the leak was sealed and the attacker’s IP blocked, the agency said. The Kaeri is investigating the incident with investigative authorities and says it has yet to determine the extent of any damage. It is unknown what the attackers had access to.
In a presentation, it gave Kaeri more details about the attack, BleepingComputer writes. In it, the agency indicated that a detected IP is linked to the Kimsuky hacker group, which the government of North Korea is said to be behind.