Subj : Notorious North Korean ha
To : All
From : Mike Powell
Date : Wed Aug 13 2025 08:24 am
Notorious North Korean hacking group Kimsuky gets hacked itself - revealing
some of its deepest secrets
Date:
Tue, 12 Aug 2025 16:04:00 +0000
Description:
A hacker with a conscience targeted Kimsuky and leaked tools, logs, and more.
FULL STORY
Kimsuky, a notorious North Korean state-sponsored threat actor, has been
hacked by someone who claims to be not a cybercriminal but rather an
"artist".
The database is 8.9GB in size and can be found on the Distributed Denial of
Secrets website. It contains logs, tools, and infrastructure used by the
group, exposing their tactics, techniques, and procedures.
The haul contains phishing logs showing an attack against the Defense
Counterintelligence Command (South Korean military intelligence security
agency), different targeted domains, archives with the complete source code
of South Korea's Ministry of Foreign Affairs email platform (including
webmail, admin, and other modules), a list of South Korean university
professors, a toolkit for building phishing sites, Cobalt Strike loaders, and
more.
Driven by greed
Kimsuky is notorious for its cyber-espionage campaigns. The group's earliest
sightings date back to 2012, and since then it has been credited with numerous
attacks against government agencies, think tanks, research institutions, and
media outlets. It is particularly focused on Korean Peninsula affairs,
nuclear policy, and foreign relations.
The hacker, going by Saber / cyb0rg, slammed Kimsuky for advancing state
agendas:
"Kimsuky, you are not a hacker. You are driven by financial greed, to enrich
your leaders, and to fulfill their political agenda," a letter accompanying
the dump reads. "You steal from others and favor your own. You value yourself
above the others: You are morally perverted."
"You hack for all the wrong reasons," the letter concluded.
Although a commendable effort, this leak will probably not completely stop
Kimsuky, a state-sponsored actor with formidable resources.
However, since many tools and methods have been burned, it could slow the
group down, expose current campaigns, and force it to start from scratch in
some cases.
Via BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/pro/security/notorious-north-korean-hacking-group-kimsuky-gets-hacked-itself-revealing-some-of-its-deepest-secrets
--- SBBSecho 3.28-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)