A North Korean hacking group with a history of high-profile attacks against South Korea allegedly breached the network of South Korea’s state-run nuclear research institute last month.
Some of the addresses could be traced back to Kimsuky, a North Korean cyber espionage group, Ha claimed.
Representative Ha Tae-keung of the People Power Party, South Korea’s main opposition party, claimed 13 unauthorised IP addresses accessed the internal network of Korea Atomic Energy Research Institute (KAERI) on May 14.
“If the state’s key technologies on nuclear energy have been leaked to North Korea, it could be the country’s biggest security breach, almost the same level as a hacking attack by the North into the defense ministry in 2016,” the lawmaker said.
Prior to its alleged attack against KAERI, the group was thought to have been installing malware inside documents detailing South Korea’s response to the COVID-19 pandemic in 2020.
According to the US Cybersecurity and Infrastructure Security Agency, Kimsuky is an advanced persistent threat group likely tasked by the North Korean regime with a global intelligence-gathering mission, with a focus on foreign policy and national security issues related to the Korean peninsula, nuclear policy, and sanctions.
The group is also thought to be behind a series of phishing attacks in 2019 against the South Korean police and Ministry of Unification. Kimsuky’s most notorious cyber attack was made in 2014 against Korea Hydro & Nuclear Power, South Korea’s nuclear and hydroelectric utility.
On Sunday, local media reports claimed that Daewoo Shipbuilding & Marine Engineering, a supplier of ships and submarines to the South Korean military, has been suffering cyber attacks since last year from groups thought to be run by North Korea. The Defense Acquisition Program Administration, a subagency of the Ministry of National Defense responsible for procuring weapons, confirmed there were attempted hacking attacks against Daewoo last year but denied they were connected with North Korea.
- A squad of North Korean hackers is suspected of being behind the intrusion of the South Korean nuclear institution
- Check all news and articles from the latest Security news updates.