Hackers Compromise a North Korean Government Hacker, Exposing Secretive Operations
In an almost unprecedented move, two hackers have published a report claiming they compromised a workstation belonging to a North Korean government hacker. The breach offers a rare and candid window into the inner workings of Kimsuky, a notorious government-backed cyber-espionage group also known as APT43.

The hackers, who go by Saber and cyb0rg, detailed their findings in the latest issue of Phrack, a legendary cybersecurity e-zine distributed at the Def Con conference in Las Vegas. They claim to have compromised a virtual machine and a virtual private server, providing a direct look at the tools and methods used by a hacker they identified as “Kim.”

What the Breach Revealed
Unlike typical cybersecurity investigations that rely on post-breach analysis, this hack allowed Saber and cyb0rg to peer directly into an active operation. Their findings are significant:
- Cooperation with Chinese Hackers: The leaked data reportedly shows how “Kimsuky cooperates with Chinese government hackers and shares their tools and techniques.”
- Hacking Tools and Manuals: The hackers claim to have found a trove of Kimsuky’s proprietary hacking tools, internal manuals, and passwords.
- Government Targets: The data also reportedly contains evidence of Kimsuky compromising several South Korean government networks and companies.
- “Strict Office Hours”: The hackers noted that Kim adhered to “strict office hours,” connecting to and disconnecting from their workstation at specific times, a detail that humanizes the otherwise faceless cyber-espionage group.

A Retaliatory Act with a Message
Saber and cyb0rg’s motivation appears to be rooted in a strong moral conviction. While their actions are technically a crime, they framed the hack as a righteous act of exposure against a group they believe is “morally perverted.” In their Phrack article, they condemned Kimsuky for hacking for “all the wrong reasons,” citing the group’s involvement in financial cybercrime to fund North Korea’s nuclear weapons program.
This hack is a powerful reminder of the complex and often murky world of state-sponsored hacking and counter-hacking. By compromising a member of Kimsuky, Saber and cyb0rg have provided the cybersecurity community with invaluable intelligence, offering a level of insight into one of the world’s most secretive nations that would be nearly impossible to obtain otherwise.
