Hackers breach and expose a major North Korean spying operation

https://techcrunch.com/feed/
Summary

Hackers claim to have compromised the computer of a North Korean government hacker and leaked its contents online, offering a rare window into a hacking operation by the notoriously secretive nation.

The two hackers, who go by Saber and cyb0rg, published a report about the breach in the latest issue of Phrack magazine, a legendary cybersecurity e-zine that was first published in 1985. The latest issue was distributed at the Def Con hackers conference in Las Vegas last week.

In the article, the two hackers wrote that they were able to compromise a workstation containing a virtual machine and a virtual private server belonging to the hacker, whom they call “Kim.” The hackers claim Kim works for the North Korean government espionage group known as Kimsuky, also known as APT43 and Thallium. The hackers leaked the stolen data to DDoSecrets, a nonprofit collective that stores leaked datasets in the public interest.

Kimsuky is a prolific advanced persistent threat group, or APT, widely believed to be working inside North Korea’s government, targeting journalists, government agencies in South Korea and elsewhere, and other targets that could be of interest for North Korea’s intelligence apparatus.

As is usual with North Korea, Kimsuky also conducts operations more akin to a cybercriminal group, for example stealing and laundering cryptocurrencies to fund North Korea’s nuclear weapons program.

This hack gives an almost-unprecedented look inside the operation of Kimsuky, given that the two hackers compromised one of the group’s members, rather than investigating a data breach as cybersecurity researchers and companies typically have to rely on.

“It shows a glimpse how openly ‘Kimsuky’ cooperates with Chinese [government hackers] and shares their tools and techniques,” the hackers wrote.
An illustration of North Korean dictator Kim Jong-un, which was included in the Phrack article (Image: Saber and cyb0rg/Phrack)

Obviously, what Saber and cyb0rg did is technically a crime, alt...

First seen: 2025-08-12 17:54

Last seen: 2025-08-13 18:05