• NorKs cyber-crack S. Korean nuclear think tank

    From Big Bad Bob@21:1/5 to All on Mon Jun 21 11:35:13 2021
    https://www.theregister.com/2021/06/21/south_koreas_nuclear_think_tank/

    "South Korean officials have admitted that government nuclear think tank
    Korea Atomic Energy Research Institute (KAERI) was hacked in May 2021 by
    North Korea’s Kimsuky group. The Korean news outlet that broke the story
    has accused KAERI of a cover-up."

    "Malware analyst group IssueMakersLab said in a report that it detected
    an attack on KAERI on May 14th. The attack saw incoming heat from 13
    internet addresses, of which one was traceable to Kimsuky."

    "The Kimsuky group" "is believed to be a North Korean global intelligence
    gathering mission, operating since 2012 [and] is believed responsible for
    numerous malware attacks, and in the past has targeted South Korean
    COVID-19 vaccine researchers and nuclear reactors."

    "The group often uses phishing to mimic websites like GMail, Outlook,
    Telegram and more. The group then installs Android and Windows backdoor
    “AppleSeed” to collect information."

    I've been seeing a lot of strange phishing lately, claiming that I have
    7 undelivered e-mail messages from my domain admin (NOTE: I am the one
    who admins my e-mail domain) and things of that nature. Basically look
    at the link, and if it does NOT point to something you know, do not
    click [and do *NOT* repeat *NOT* view e-mail as HTML, *EVAR*, as it will
    most likely hide the true link destination from view].

    "Korea’s Ministry of Science and ICT (MSIT) said a vulnerability in a
    VPN used by KAERI allowed access to one of the agency’s servers. KAERI
    said it discovered the attack on May 31st and then took steps to block
    the IP addresses and install security patches."

    Well, obviously hindsight is 20/20, but who is able to spend THAT MUCH
    TIME to keep up with patches? A stable Linux like Debian (or my
    favorite, Devuan) is more likely to protect you and they seem to be
    pretty good at patching Zero-days. But Windows servers... well maybe I
    should measure for the coffin now, while you're still standing up.

    Also according to a S. Korean news agency

    "the KAERI network was breached using an email address from President
    Moon Jae-in’s former advisor, Moon Chung-in, that was acquired during a
    2018 Kimsuky-attributed cyberattack."

    So they grabbed an e-mail address in a previous crack, THEN sent
    spear-phished malware at it. Nice to know this tactic exists. Maybe
    THEN we can do something about it before it happens AGAIN. To ANYONE.



    --
    (aka 'Bombastic Bob' in case you wondered)

    'Feeling with my fingers, and thinking with my brain' - me

    'your story is so touching, but it sounds just like a lie'
    "Straighten up and fly right"

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
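The "look at the link, and if it does NOT point to something you know, do not click" advice in the post above, turned into a check a mail reader or filter could run (an added example, not code from the post or from The Register article): it pulls every anchor out of an HTML body and flags any whose visible text names one host while the href goes to another, the mismatch that rendering mail as HTML hides, plus any that point outside a list of hosts the reader knows. The sample message and the trusted-host list are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(s):
    """Lowercased web host of a URL, or of a bare domain used as link text."""
    parts = urlparse(s.strip())
    if not parts.scheme:                       # bare domain such as mail.example.org
        parts = urlparse("http://" + s.strip())
    elif parts.scheme not in ("http", "https"):  # mailto:, javascript: have no web host
        return None
    return parts.hostname.lower() if parts.hostname else None

def under(host, trusted):
    return any(host == t or host.endswith("." + t) for t in trusted)

def suspicious_links(html, trusted_hosts):
    """Return (href, reason) for misleading links or links leaving trusted hosts."""
    parser = _AnchorCollector()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        target = host_of(href)
        if target is None:                     # no web host to judge: skip
            continue
        shown = host_of(text) if "." in text and " " not in text else None
        if shown and not under(target, [shown]):
            flagged.append((href, "text shows %s, href goes to %s" % (shown, target)))
        elif not under(target, trusted_hosts):
            flagged.append((href, "outside known hosts: %s" % target))
    return flagged

# Constructed sample resembling the "undelivered messages" lure mentioned above.
SAMPLE = ('<a href="http://mail-review.example.net/login">mail.example.org</a> '
          '<a href="https://mail.example.org/inbox">Open inbox</a>')
```

Running `suspicious_links(SAMPLE, ["example.org"])` flags only the first link, whose text claims mail.example.org while the href goes to mail-review.example.net.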