"Evidence of South Korean Government Hacks and Chinese Cooperation Found on North Korean Hacker's Computer"

Hackers Claim to Have Infiltrated North Korean Hacker's Computer
Reveal Evidence of Kimsuky Operations and Collaboration with Chinese Hackers
Unprecedented Access Sheds Light on North Korean Cyber Activities

Claims have emerged that the computer of a hacker affiliated with the North Korean hacking group "Kimsuky" was itself hacked, resulting in the acquisition of internal data. This hacker reportedly targeted South Korean government agencies and companies, and also collaborated with Chinese hackers.


According to TechCrunch, an IT-focused media outlet, on August 12 (local time), two hackers known as "Saber" and "cyb0rg" claimed to have infiltrated the computer of a North Korean hacker and published their findings in the latest issue of the cybersecurity e-zine "Phrack."

The two stated that they had breached a work computer used by a hacker referred to as "Kim." This computer contained a virtual machine (VM) and a virtual private server (VPS). The hackers asserted that "Kim" was a member of Kimsuky, a hacking group operating under North Korea's Reconnaissance General Bureau.


Kimsuky is widely recognized as an advanced persistent threat (APT) group operating within the North Korean government, known for targeting government agencies in South Korea and other countries, as well as entities of interest to North Korean intelligence. Like other hacking organizations, Kimsuky is also believed to conduct cybercriminal operations, including stealing and laundering virtual assets to help fund North Korea's nuclear weapons program.


TechCrunch stated, "This hack provides an unprecedented opportunity to gain insight into Kimsuky's internal operations," adding, "Unlike previous incidents where security researchers or companies primarily investigated data leaks, this case involves two hackers directly breaching the computer of a Kimsuky group member."


The two hackers commented, "This incident demonstrates how openly Kimsuky collaborates with Chinese government hackers and shares tools and techniques with them."


Although they did not disclose specific institutions or company names, the hackers claimed to have found evidence that Kimsuky had breached multiple South Korean government networks and companies. They also reported discovering various data, including email addresses, hacking tools used by Kimsuky, internal manuals, and passwords.


The hackers explained that they were able to identify "Kim" as a North Korean hacker due to file settings and clues such as domains previously associated with Kimsuky. They noted that "Kim" adhered strictly to working hours, consistently logging in around 9 a.m. and disconnecting around 5 p.m. Pyongyang time.


© The Asia Business Daily(www.asiae.co.kr). All rights reserved.

