A rather usual (well, nowadays, that is) and successful hacking op took place in May, targeting South Korea’s nuclear research institution, KAERI. The initial attack vector was a vulnerability in a VPN server, and from that point the alleged hackers moved laterally within the compromised network. According to the available reports, one of the 13 IPs associated with this very breach had previously been used by an APT group which is said to be linked to the Democratic People’s Republic of Korea.
It is of course no wonder that two countries which are technically at war with each other would do everything and anything to find out what the other is about – especially if nuclear technology is involved in the equation.
What is more compelling is that the nuclear institution denied the allegations flat out and only after a few months came to the conclusion that it might be better to tell the public what had happened.
As the communique reads: “The statement that ‘there was no hacking incident’ was a mistake in the response of the working-level staff, which occurred in a situation where damage was not confirmed during investigation due to suspected infringement.”
In other words: the most secretive material might now be in Pyongyang because a most banal vulnerability was present, but no worries, we’ll punish some “working level” chaps and all is well.
Sadly, it won’t be. It will only embolden the other side, seeing that there are no consequences to speak of. And if they got away with it, we surely will, too.
And what was there to tell the public? For example, that Pyongyang now possibly has even more nuclear knowledge, translating into some even bigger nuclear toys. Not much, really.