South Korea’s ‘Korea Atomic Energy Research Institute’ disclosed yesterday that their internal networks were hacked last month by North Korean threat actors using a VPN vulnerability. The institute has officially confirmed the attack and apologized for attempting to cover up the incident. One of these IP addresses is linked to a North Korean state-sponsored hacking group known as ‘Kimsuky’ that is believed to work under the North Korean Reconnaissance General Bureau intelligence agency. In October 2020, CISA issued an alert on the Kimsuky APT group and stated that they are “likely tasked by the North Korea regime with a global intelligence gathering mission”””
Source: https://www.bleepingcomputer.com/news/security/south-koreas-nuclear-research-agency-hacked-using-vpn-flaw/