Hackers claim they compromised a North Korean government hacker's computers and leaked the contents online, providing an unusual window into hacking operations by the infamously secretive nation.
The two hackers, who go by Saber and Cyb0rg, released a report on the breach in the latest issue of Phrack Magazine, the legendary cybersecurity e-zine first released in 1985.
In the article, the two hackers wrote that they were able to compromise workstations containing virtual machines and virtual private servers belonging to the hacker, referred to as Kim. The hackers claim that Kim works for a North Korean government espionage group known as Kimsuky, also known as APT43 and Thallium. The hackers leaked the stolen data to DDoSecrets, a nonprofit group that stores leaked datasets in the public interest.
Kimsuky is a prolific advanced persistent threat (APT) group widely considered to target government agencies in South Korea and elsewhere, as well as other targets that may be of interest to North Korea's intelligence agencies.
As is usual for North Korea, Kimsuky also runs operations more like those of a cybercrime group, such as stealing and laundering cryptocurrencies to fund North Korea's nuclear weapons program.
This hack gives a nearly unprecedented look inside Kimsuky's operation, given that the two hackers compromised one of the group's members rather than working from what cybersecurity researchers and businesses usually have to rely on.
“It shows a glimpse into how 'Kimsuky' openly cooperates with the Chinese [government hackers],” the hackers wrote.
Illustration of North Korean dictator Kim Jong-un, included in the Phrack article. (Image: Saber and Cyb0rg/Phrack)
Clearly, what Saber and Cyb0rg did is technically a crime, but given that North Korea is sanctioned up to its eyeballs, they probably won't be prosecuted. The two hackers clearly believe that Kimsuky members deserve to be exposed and embarrassed.
“Kimsuky, you are not a hacker. You are driven by financial greed, enrich your leaders and fulfill your political agenda. You steal from others and support yourself.” “Hack for the wrong reasons.”
Saber and Cyb0rg claim they found evidence of Kimsuky compromising several South Korean government networks and businesses, as well as email addresses and hacking tools that the Kimsuky group uses, internal manuals, passwords, and other data.
Emails sent to addresses that allegedly belong to the hackers, which were listed in the report, went unanswered.
The hackers wrote that “artifacts and hints,” including file structure and domains attributed to the North Korean hacking group Kimsuky, allowed them to identify Kim as a North Korean government hacker.
The hackers also noted Kim's “strict opening hours, always connected around 09:00 and disconnected by 5:00 Pyongyang time.”