Hackers Claim to Breach and Leak Data from North Korea’s Kimsuky Group

Two hackers, calling themselves "Saber" and "cyb0rg," allege they infiltrated the North Korean state-backed cyber group Kimsuky and released nearly 9GB of its internal data online. The pair, who say they oppose Kimsuky’s political motives and profit-driven hacking, criticized the group for serving regime agendas rather than genuine hacking principles. The leaked files, published through the Distributed Denial of Secrets platform, include phishing logs targeting South Korean government domains, the full source code for the Ministry of Foreign Affairs’ email platform, and toolkits for advanced phishing campaigns. Other contents reveal operational data such as Cobalt Strike loaders, reverse shells, proxy modules, live phishing kits, suspicious GitHub links, and records of VPN purchases.

Chrome and bash histories suggest visits to Taiwanese government sites, SSH access to internal systems, and activity on hacking forums. While some of the materials were partially known before, the leak offers new connections between Kimsuky’s tools and tactics, potentially exposing their infrastructure. Experts note that although the breach might not cripple the group long-term, it could cause short-term disruptions to ongoing operations. The disclosure was first announced in the latest issue of Phrack magazine, with a digital version expected soon.
