South Korea nuclear secrets exposed via VPN vulnerability


A South Korean Government-sponsored institute for the research and application of nuclear power has acknowledged its network was infiltrated using an undisclosed VPN vulnerability.

The Korea Atomic Energy Research Institute (KAERI) pinned last month’s attack on state-sponsored threat actors from North Korea, having initially acknowledged and then denied being attacked.

Now the institute has once again changed its position: it has not only officially confirmed the attack but also apologized for initially attempting to cover up the breach.

Undisclosed vulnerability

In press statements, KAERI states that on June 14, North Korean threat actors breached its internal network using a VPN vulnerability, without sharing any other details.

Analysis of the access logs revealed that thirteen different unauthorized IP addresses gained access to KAERI’s internal network by exploiting the VPN vulnerability. The institute reportedly claims that it has now updated the breached VPN device to patch the vulnerability.

As per reports, KAERI claims that one of the unauthorized IP addresses belongs to the hacking group called Kimsuky, which is thought to work under the aegis of the North Korean Reconnaissance General Bureau intelligence agency.

BleepingComputer reports that Kimsuky has been on the radar of American law enforcement agencies as well, with the Cybersecurity and Infrastructure Security Agency (CISA) issuing an alert on Kimsuky’s purported “global intelligence gathering” mandate.

The confirmation of the breach once again highlights how important it is for small and midsize businesses (SMBs) to keep all their Internet-facing devices, such as routers, updated. They should define and implement guidelines to immediately review and install any security updates for all such publicly exposed devices.

Via BleepingComputer

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
