
Latest news with #Kimsuky

Hackers breach North Korean spy hacker's PC, leak rare intel on secretive group

India Today

6 days ago


A rare cyber incident has turned the tables on one of North Korea's best-known hacking units. The group, called Kimsuky, is believed to be linked to the country's intelligence operations. This time, its own systems were compromised by two hackers who say they wanted to expose the group's methods. The attackers, using the names "Saber" and "cyb0rg", claim they oppose everything Kimsuky stands for. They accuse the group of carrying out hacks to serve the political and financial interests of the North Korean regime rather than treating hacking as a skill or challenge. In a strongly worded message shared through the hacker publication Phrack at the DEF CON 33 conference, the pair accused Kimsuky of enriching its leaders, blindly following orders and exploiting others.

The breach led to an 8.9GB data dump, now hosted on the Distributed Denial of Secrets (DDoSecrets) website. The files appear to contain both stolen data and the group's own hacking tools. Cybersecurity researchers believe the leak could reveal previously unknown campaigns, connect related attacks, and give a clearer view of how Kimsuky operates behind the scenes.

The leaked material includes phishing records showing attempts to break into multiple South Korean government domains. These include accounts under the Defence Counterintelligence Command and other official sites, as well as well-known South Korean email providers. One of the most striking finds is a compressed archive containing the complete source code of the Ministry of Foreign Affairs' "Kebi" email platform, with components for webmail and administration. Other files point to a variety of hacking tools and resources, ranging from live phishing kits and PHP scripts for creating fake websites that evade detection, to Cobalt Strike loaders and proxy modules used to hide malicious activity.

The dump also contains binary files not yet flagged in major malware databases, suggesting they may be new or customised. There are also personal traces: browser histories linking to suspicious GitHub profiles, records of VPN service purchases, and visits to hacking forums and even Taiwanese government sites. Logs from command-line sessions show connections to internal systems, while translation tools appear to have been used for reading Chinese error messages. While some of this information matches earlier reports about Kimsuky, security analysts say this leak ties together multiple strands, potentially exposing parts of the group's infrastructure that were previously hidden. Experts caution, however, that such a setback may cause only temporary disruption to Kimsuky's operations.

Hackers breach and expose a major North Korean spying operation

Yahoo

7 days ago


Hackers claim to have compromised the computer of a North Korean government hacker and leaked its contents online, offering a rare window into a hacking operation by the notoriously secretive nation. The two hackers, who go by Saber and cyb0rg, published a report about the breach in the latest issue of Phrack magazine, a legendary cybersecurity e-zine that was first published in 1985. The latest issue was distributed at the Def Con hackers conference in Las Vegas last week. In the article, the two hackers wrote that they were able to compromise a workstation containing a virtual machine and a virtual private server belonging to the hacker, whom they call 'Kim.' The hackers claim Kim works for the North Korean government espionage group known as Kimsuky, also known as APT43 and Thallium. The hackers leaked the stolen data to DDoSecrets, a nonprofit collective that stores leaked datasets in the public interest. Kimsuky is a prolific advanced persistent threat group, or APT, widely believed to be working inside North Korea's government, targeting journalists, government agencies in South Korea and elsewhere, and other targets that could be of interest for North Korea's intelligence apparatus. As is usual with North Korea, Kimsuky also conducts operations more akin to a cybercriminal group, for example stealing and laundering cryptocurrencies to fund North Korea's nuclear weapons program. This hack gives an almost-unprecedented look inside the operation of Kimsuky, given that the two hackers compromised one of the group's members, rather than investigating a data breach as cybersecurity researchers and companies typically have to rely on. 'It shows a glimpse how openly 'Kimsuky' cooperates with Chinese [government hackers] and shares their tools and techniques,' the hackers wrote. Obviously, what Saber and cyb0rg did is technically a crime, although they will likely never be prosecuted for it, considering North Korea is sanctioned up to its eyeballs. 
The two hackers clearly believe Kimsuky members deserve to be exposed and embarrassed. 'Kimsuky, you're not a hacker. You are driven by financial greed, to enrich your leaders, and to fulfill their political agenda. You steal from others and favour your own. You value yourself above the others: You are morally perverted,' the two wrote in Phrack. 'You hack for all the wrong reasons.' Saber and cyb0rg claim to have found evidence of Kimsuky compromising several South Korean government networks and companies, along with email addresses, hacking tools used by the Kimsuky group, internal manuals, passwords, and more data. Emails sent to the addresses allegedly belonging to the hackers, which were listed in the research, went unanswered. The hackers wrote that they were able to identify Kim as a North Korean government hacker thanks to 'artifacts and hints' that pointed in that direction, including file configurations and domains previously attributed to the North Korean hacking group Kimsuky. The hackers also noted Kim's 'strict office hours, always connecting at around 09:00 and disconnecting by 17:00 Pyongyang time.'
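The office-hours observation above is a standard attribution signal: connection timestamps are recorded in UTC, and the analyst asks which fixed offset turns them into a plausible working day. The script below is an added example, not code from the Phrack article or from the leak, and it runs on a constructed list of session-start times rather than real log data. It assumes whole-hour offsets, an office day of 09:00 to 17:00 (taken from the article's wording), and that Pyongyang sits at UTC+9; the names `SAMPLE_UTC`, `best_offset`, `hour_histogram` and `daily_span` are this example's own.

```python
"""Added example: infer an operator's working time zone from session timestamps.

Not code from the Phrack article or the leak. Scores every whole-hour UTC
offset by how many sessions start inside an assumed 09:00-17:00 office day.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample, not real log data: UTC session-start times over six days.
# Thirteen fall between 00:00 and 08:00 UTC (a 09:00-17:00 day at UTC+9, the
# Pyongyang offset); the last two are deliberate off-hours noise.
SAMPLE_UTC = [
    "2025-08-04T00:05:00Z", "2025-08-04T02:40:00Z", "2025-08-04T07:30:00Z",
    "2025-08-05T00:10:00Z", "2025-08-05T04:15:00Z", "2025-08-05T07:55:00Z",
    "2025-08-06T00:02:00Z", "2025-08-06T03:20:00Z", "2025-08-06T06:45:00Z",
    "2025-08-07T00:12:00Z", "2025-08-07T05:00:00Z", "2025-08-07T07:50:00Z",
    "2025-08-08T01:00:00Z", "2025-08-08T16:30:00Z", "2025-08-09T21:00:00Z",
]

# Assumed office day, matching the article's "09:00 ... 17:00" observation.
WORK_START, WORK_END = 9, 17


def parse_utc(stamps):
    """Parse ISO-8601 'Z' timestamps into timezone-aware UTC datetimes."""
    return [datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
            for s in stamps]


def to_local(events, offset_hours):
    """Shift aware datetimes into a fixed UTC offset (no DST is modelled)."""
    return [e.astimezone(timezone(timedelta(hours=offset_hours))) for e in events]


def workday_fit(events, offset_hours):
    """Fraction of sessions starting inside [WORK_START, WORK_END) at that offset."""
    local = to_local(events, offset_hours)
    return sum(WORK_START <= t.hour < WORK_END for t in local) / len(local)


def rank_offsets(events, offsets=range(-12, 15)):
    """All candidate offsets, best fit first; ties broken toward UTC."""
    return sorted(((off, workday_fit(events, off)) for off in offsets),
                  key=lambda pair: (-pair[1], abs(pair[0])))


def best_offset(stamps):
    """(offset_hours, fit) for the offset that best explains an office-hours pattern."""
    return rank_offsets(parse_utc(stamps))[0]


def hour_histogram(stamps, offset_hours):
    """Counts of local start hour at a given offset, for eyeballing the daily shape."""
    return Counter(t.hour for t in to_local(parse_utc(stamps), offset_hours))


def daily_span(stamps, offset_hours):
    """Earliest and latest local session start per local date, as 'HH:MM' strings."""
    by_day = defaultdict(list)
    for t in to_local(parse_utc(stamps), offset_hours):
        by_day[t.date().isoformat()].append(t)
    return {day: (min(ts).strftime("%H:%M"), max(ts).strftime("%H:%M"))
            for day, ts in sorted(by_day.items())}


if __name__ == "__main__":
    off, fit = best_offset(SAMPLE_UTC)
    print(f"best offset UTC{off:+d}: {fit:.0%} of sessions inside office hours")
    for day, (first, last) in daily_span(SAMPLE_UTC, off).items():
        print(f"  {day}: first {first}, last {last}")
```

On the sample this picks UTC+9 with 13 of 15 sessions inside the window, and `daily_span` reproduces the "connect around 09:00, gone by 17:00" shape the hackers describe. Treat the result as one weak signal rather than proof: a VPN exit in another region, automated jobs, a second operator on a different shift, daylight-saving changes, or a half-hour offset zone will all skew the fit, which is why this kind of timing evidence is normally combined with the configuration and domain overlaps the article also mentions.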
