Notorious North Korean hacking group Kimsuky gets hacked itself – revealing some of its deepest secrets
- A hacker has stolen sensitive Kimsuky files and logs
- They claim the group is “morally perverted”, and hacks for “all the wrong reasons”
- But the leak will not dismantle the group, some argue
Kimsuky, a notorious North Korean state-sponsored threat actor, has been hacked by someone who claims to be not a cybercriminal but an “artist”.
The 8.9GB database, which can be found on the “Distributed Denial of Secrets” website, contains logs, tools, and infrastructure used by the group, exposing its tactics, techniques, and procedures.
The haul contains phishing logs showing an attack against The Defense Counterintelligence Command (South Korean military intelligence security agency), different targeted domains, archives with the complete source code of South Korea’s Ministry of Foreign Affairs email platform (including webmail, admin, and other modules), a list of South Korean university professors, a toolkit for building phishing sites, Cobalt Strike loaders, and more.
Driven by greed
Kimsuky is notorious for its cyber-espionage campaigns. The group’s earliest sightings date back to 2012, and since then it has been credited with numerous attacks against government agencies, think tanks, research institutions, and media outlets. It is particularly focused on Korean Peninsula affairs, nuclear policy, and foreign relations.
The hacker, going by Saber / cyb0rg, slammed Kimsuky for advancing state agendas:
“Kimsuky, you are not a hacker. You are driven by financial greed, to enrich your leaders, and to fulfill their political agenda,” a letter accompanying the dump reads. “You steal from others and favor your own. You value yourself above the others: You are morally perverted.”
“You hack for all the wrong reasons,” the letter concluded.
Although a commendable effort, this leak will probably not completely stop Kimsuky, a state-sponsored actor with formidable resources.
However, since many tools and methods have been “burned”, it could slow the group down, expose current campaigns, and force it to start from scratch in some cases.
Via BleepingComputer