North Korea’s Kimsuky hackers linked to major data breach

Summary
– North Korean hacking group Kimsuky suffered a data breach after two hackers, Saber and cyb0rg, leaked its data publicly, citing ethical objections to its politically motivated operations.
– The hackers criticized Kimsuky for prioritizing financial gain and regime agendas over independent hacking, calling them “morally perverted” in a statement published in Phrack.
– The leaked 8.9GB data dump includes phishing logs, source code of South Korea’s Ministry of Foreign Affairs email platform, and tools like Cobalt Strike loaders and phishing kits.
– The breach exposes Kimsuky’s infrastructure by linking its tools and activities, which could disrupt its ongoing campaigns, although the operational impact is likely to be short-term.
– The leaked data, hosted on Distributed Denial of Secrets, includes previously unknown details, while the full Phrack issue (#72) will soon be available online for free.
North Korea’s notorious hacking group Kimsuky has reportedly fallen victim to an unexpected data breach, with two rogue hackers leaking sensitive information about the group’s operations. The individuals behind the leak, identifying themselves as “Saber” and “cyb0rg,” claim their actions were motivated by ethical concerns, accusing Kimsuky of prioritizing political agendas and financial gain over genuine hacking principles.
In a scathing message published in Phrack magazine and shared at the DEF CON 33 conference, the hackers condemned Kimsuky’s activities, stating, “You are not a hacker. You steal to enrich your leaders and serve their political goals.” The leaked data, now publicly available, includes backend tools, stolen records, and insights into previously undisclosed cyber campaigns.
The 8.9GB collection of data, available on Distributed Denial of Secrets, contains some troubling information: phishing logs connected to South Korean defense email accounts (dcc.mil.kr) and other significant domains such as spo.go.kr and naver.com. Security analysts examining the leak suggest it reveals previously unrecognized connections between Kimsuky’s tools and operations, ultimately compromising the group’s infrastructure. Although this breach might not permanently disable Kimsuky, it has the potential to disrupt ongoing activities and force the group to rework its strategies.
The latest edition of Phrack is presently offered in limited physical copies, with an online release anticipated shortly. Researchers are still confirming the authenticity of the leaked data, which might offer essential insights into North Korea’s cyber warfare methods.
(Source: BLEEPING COMPUTER)

