Hackers breach Kimsuky, the infamous North Korean cybercriminal group, spilling their hidden secrets

Unscrupulous cybercriminal targets Kimsuky with ethical intentions

Hack on Kimsuky, the infamous North Korean hacking organization, results in the exposure of some of its most confidential information.

In a shocking turn of events, two hackers going by the names Saber and cyb0rg have claimed responsibility for hacking the notorious North Korean state-sponsored threat actor, Kimsuky. They describe themselves as "ethical hackers" with no political allegiance, accusing Kimsuky of hacking for financial gain and political control, rather than skill or curiosity.

The hackers' motivations were clearly stated in a publication in the hacker magazine Phrack, where they criticised Kimsuky for being driven by greed and fulfilling a political agenda. They labelled Kimsuky as morally perverted and claimed the leak was intended to serve as an invitation for other threat hunters and researchers to analyse and understand the group’s operations.

The leaked data, approximately 8.9GB in size, has been made public on the "Distributed Denial of Secrets" website. It includes a wealth of sensitive data, such as phishing logs, malware source code, and operational histories, all of which provide detailed insight into Kimsuky’s activities.

The data leak has exposed Kimsuky’s infrastructure, revealing details such as their strict office hours, targeting strategies, and internal processes, thereby disrupting their espionage and cybercrime activities. The leak could potentially slow down Kimsuky due to the "burning" of many tools and methods.

Kimsuky, a state-sponsored actor, has been credited with numerous attacks against government agencies, think tanks, research institutions, and media outlets, particularly focusing on Korean Peninsula affairs, nuclear policy, and foreign relations. The data leak might force Kimsuky to start from scratch in some cases, but it remains unclear if the group will be completely stopped by this data leak.

The data leak also includes phishing logs showing an attack against the Defense Counterintelligence Command (South Korea's military intelligence security agency), which could expose current Kimsuky campaigns. The leak was reported by BleepingComputer.

The individuals claiming to have hacked Kimsuky remain anonymous, going by the names Saber and cyb0rg. They have released logs, tools, and infrastructure used by Kimsuky, exposing their tactics, techniques, and procedures. This leak provides an opportunity for researchers and threat hunters to gain a deeper understanding of Kimsuky’s operations, potentially aiding in the prevention of future attacks.
