The North Korean espionage group Kimsuky has been compromised by rival hackers, leading to the disclosure of sensitive information about its operations. The findings were published in the magazine Phrack and revealed at the recent Def Con conference in Las Vegas. Hackers known as Saber and cyb0rg gained access to a system used by a Kimsuky member and collected data that was later shared with the non-profit DDoSecrets initiative.
Dangerous Relationships
Kimsuky, also known as APT43 or Thallium, is famous for its involvement in the theft and laundering of cryptocurrencies, activities aimed at financing North Korea’s nuclear program. The leaked information includes evidence of intrusions into government networks, handling of hacking tools, and a surprisingly regular work schedule, with the North Korean hacker observed working from 09:00 to 17:00.
Additionally, the leakers have claimed that Kimsuky collaborates with Chinese government hackers, suggesting an exchange of tools and techniques between these groups. This link highlights the complex ecosystem of cyber espionage and cybercrime in which North Korea operates, a country already known for having formed alliances with American citizens to divert funds in its favor. With this recent breach, however, the attacks the group usually carries out are themselves exposed to public scrutiny.
Despite being one of the most secretive nations in terms of information, North Korea has one of the most sophisticated hacking forces in the world. The implications of this leak are significant: it not only provides tangible evidence of Kimsuky’s operations, but could also affect how cyber espionage is conducted in the future.