“Kimsuky” is known to be a unit within the Reconnaissance General Bureau, the North’s military intelligence agency. The group is believed to be behind the cyber breach of manufacturers of COVID-19 vaccines and treatments, including Britain-based AstraZeneca and South Korea’s Celltrion, last year.
“If the country’s nuclear power and other key technologies have been leaked, it could become a massive security breach following Pyongyang’s hacking of Seoul military cyber command in 2016,” Ha said. KAERI is a government-funded research institute in charge of developing nuclear technology.
SEOUL, June 18 (Yonhap) — South Korea’s state-run nuclear research institute’s computer network was breached by a North Korean cyber attack last month, an opposition lawmaker claimed Friday.
According to Rep. Ha Tae-keung of the main opposition People Power Party, 13 external Internet Protocol (IP) addresses were found to have breached the internal network of the Korea Atomic Energy Research Institute (KAERI) on May 14.
Some of the addresses were traced back to hacking servers of “kimsuky,” a North Korean cyberespionage group.
Ha claimed that some of the IP addresses that breached the KAERI network were found to have used the email address of Moon Chung-in, a former special foreign policy adviser to President Moon Jae-in.
The email account was reportedly hacked in 2018 while Moon was still at Cheong Wa Dae. The presidential office failed to track down the attacker at the time, but in 2020, a local cybersecurity firm reported that “kimsuky” apparently distributed phishing emails targeting the former adviser.
Ha argued that KAERI initially tried to cover up the breach, telling his office that the incident did not take place.
In light of the announcement, KAERI admitted that its internal network was indeed breached but added that it was still investigating who the culprit was and whether its data was actually stolen.
Ha called on the government to probe the case, pointing out that the administration has been hesitant to admit North Korea’s cyberattacks.