North Korean Kimsuky Hackers Uncovered in Suspected Data Breach Incident

The North Korean state-sponsored hacking group known as Kimsuky has reportedly experienced a significant data breach. Two hackers, identifying themselves as ‘Saber’ and ‘cyb0rg,’ have claimed responsibility for the breach, citing ethical motivations for their actions. They assert that Kimsuky is “hacking for all the wrong reasons,” driven by political agendas and regime orders rather than the independent practice of hacking. In a statement published in the latest issue of Phrack, distributed at the DEF CON 33 conference, the hackers condemned Kimsuky, stating, “You are driven by financial greed, to enrich your leaders, and to fulfil their political agenda.” They accused the group of stealing from others and prioritising their own interests over ethical considerations.

The hackers leaked an 8.9GB dump of Kimsuky’s backend data, which is currently hosted on the ‘Distributed Denial of Secrets’ website. This data includes phishing logs associated with multiple dcc.mil.kr email accounts, as well as targeted domains such as spo.go.kr and kakao.com. Notably, the leak contains a complete source code archive of South Korea’s Ministry of Foreign Affairs email platform, known as “Kebi,” along with various phishing tools and live kits. The hackers also revealed unknown binary archives and executables that had not been flagged in VirusTotal. While some of the leaked information may have been previously documented, the breach provides new insights into Kimsuky’s operations, potentially complicating their ongoing campaigns and exposing their infrastructure and methods. 

Categories: Data Breach, Ethical Hacking, Cybersecurity Tools 

Tags: Kimsuky, Data Breach, Hackers, Ethical Reasons, Phishing Logs, South Korea, Cybersecurity, APT Infrastructure, Hacking Tools, Operational Difficulties 
