A South Korean nuclear power research organization, the Korea Atomic Energy Research Institute (KAERI), has admitted that it was investigating a breach it suspects is the work of Kimsuky, a North Korean state-sponsored threat actor that has been around since 2012. The attack happened on May 14th and was the result of an unpatched vulnerability in the organization's VPN. An outside investigation traced one of the 13 IP addresses used to attack the organization back to Kimsuky. The organization is still investigating the breach but has blocked the IP addresses and patched the vulnerability.