Hackers leak North Korean group’s data

The breach, carried out by two hackers identifying themselves as Saber and cyb0rg, was detailed in the latest issue of the cyber security magazine Phrack.

“This article is an invitation for threat hunters, reverse engineers and hackers,” the hackers wrote.

The article included a letter directed at the North Korean hacker group Kimsuky, revealing the motivations for targeting them.

“You are driven by financial greed, to enrich your leaders, and to fulfill their political agenda,” the hackers wrote.

“You steal from others and favour your own. You value yourself above the others: you are morally perverted.”

The trove of data includes tactics and techniques used by Kimsuky, as well as logs that appear to show an attack on South Korea’s military intelligence security agency and Ministry of Foreign Affairs.

The Kimsuky group’s operating hours allegedly adhere to “strict office hours”, according to the report, “always connecting at around 9:00 and disconnecting by 17:00 Pyongyang time”.

The group has been in operation since at least 2012, and has been credited with numerous attacks on institutions and government agencies.

A recent report from cyber security firm ESET noted that Kimsuky has shifted away from targets in the US and Europe to focus on South Korea.

“In our previous APT Activity Report we noted that Kimsuky was actively targeting, under the guise of interview requests, English-speaking think tanks, NGOs, and North Korea experts,” the report stated.

“These types of campaigns have decreased. Over the past six months, the majority of campaigns attributed to Kimsuky has been targeting South Korean individuals and companies, as well as embassies and diplomatic personnel located in South Korea.”

While most attacks involve espionage and data theft, the group has also been linked to cryptocurrency heists, with the funds being used to fund North Korea’s nuclear weapons program.