Hackers Breach And Expose A Major North Korean Spying Operation

Hackers claim to have compromised the computer of a North Korean government hacker and leaked its contents online, offering a rare window into a hacking operation by the notoriously secretive nation.

The two hackers, who go by Saber and cyb0rg, published a report about the breach in the latest issue of Phrack magazine, a legendary cybersecurity e-zine that was first published in 1985. The latest issue was distributed at the Def Con hackers conference in Las Vegas last week.

In the article, the two hackers wrote that they were able to compromise a workstation containing a virtual machine and a virtual private server belonging to the hacker, whom they call “Kim.” The hackers claim Kim works for the North Korean government espionage group known as Kimsuky, also known as APT43 and Thallium. The hackers leaked the stolen data to DDoSecrets, a nonprofit collective that stores leaked datasets in the public interest.

Kimsuky is a prolific advanced persistent threat group, or APT, widely believed to be working inside North Korea’s government, targeting journalists, government agencies in South Korea and elsewhere, and other targets that could be of interest for North Korea’s intelligence apparatus.

As is usual with North Korea, Kimsuky also conducts operations more akin to a cybercriminal group, like stealing and laundering cryptocurrencies to fund North Korea’s nuclear weapons program.

This hack gives an almost-unprecedented look inside the operations of Kimsuky, given that the two hackers compromised one of the group’s members, rather than investigating a data breach as cybersecurity researchers and companies typically have to rely on.

“It shows a glimpse how openly ‘Kimsuky’ cooperates with Chinese [government hackers] and shares their tools and techniques,” the hackers wrote.

An illustration of North Korean dictator Kim Jong-un, which was included in the Phrack article (Image: Saber and cyb0rg/Phrack)

Obviously, what Saber and cyb0rg did is technically a crime, though they will likely never be prosecuted for it, considering North Korea is sanctioned up to its eyeballs. The two hackers clearly believe Kimsuky members deserve to be exposed and embarrassed.

“Kimsuky, you’re not a hacker. You are driven by financial greed, to enrich your leaders, and to fulfill their political agenda. You steal from others and favour your own. You value yourself above the others: You are morally perverted,” the two wrote in Phrack. “You hack for all the wrong reasons.”

Saber and cyb0rg claim to have found evidence of Kimsuky compromising several South Korean government networks and companies, email addresses, and hacking tools used by the Kimsuky group, internal manuals, passwords, and more data.

Emails sent to the addresses allegedly belonging to the hackers, which were listed in the research, went unanswered.

The hackers wrote that they were able to identify Kim as a North Korean government hacker, thanks to “artifacts and hints” that pointed in that direction, including file configurations and domains previously attributed to the North Korean hacking group Kimsuky.

The hackers also noted Kim’s “strict office hours, always connecting at around 09:00 and disconnecting by 17:00 Pyongyang time.”
