The South Korean Atomic Energy Research Institute (KAERI) disclosed Friday that several unauthorized parties obtained access to KAERI’s internal networks. The Record reports that some of the infrastructure used in the intrusion was traceable to North Korea’s Kimsuky group. KAERI had initially denied that the incident had occurred; the institute apologized in Friday’s statement for its earlier denials. According to BleepingComputer, the intrusion happened on June 14th, and that the threat actor gained access through a VPN flaw.
Senior members of Poland’s government met last week for a closed-door discussion of an email hacking incident. Reuters quotes Deputy Prime Minister Jaroslaw Kaczynski as saying, Friday, "The analysis of our services and the secret services of our allies allows us to clearly state that the cyber attack was carried out from the territory of the Russian Federation. Its scale and range are wide.” The Record says Poland’s Internal Security Agency has notified its NATO allies of recent Russian cyberattacks, the goal of which, Polish officials say, has been “to hit Polish society and destabilize the country.“
Norway's Police Security Service (PST) has attributed a 2018 cyberespionage incident to China's APT31. The Record quotes PST: “The investigation revealed that the actor succeeded in acquiring administrator rights that gave it access to centralized computer systems used by all state administration offices in the country.”
Ambivalence in official US policy and regulation can complicate victims' responses to ransomware attacks. While the FBI discourages paying ransom, such payments may be tax deductible, the AP reports.