You've linked to a story about someone penetrating a fringe CA, and the galactic shitstorm that resulted, including the revocation of that CA's CA status in most Internet browsers.

Which is what he speculated South Korea as having done, right?

The most probable situation here (if it actually occurred) is that South Korea owns a certificate authority that is accepted by browsers and did a MITM attack with their own google cert.