Hackers Breach North Korea’s Kimsuky Group, Leak 8.9GB of Data at DEF CON

North Korea’s state-backed hacking group Kimsuky has found itself on the receiving end of a cyberattack, with two hackers claiming to oppose the group’s political agenda leaking nearly 9GB of its data online.

“You Are Not a Hacker” — A Public Rebuke at DEF CON

The breach came to light during DEF CON 33, when a message addressed to Kimsuky appeared in the latest issue of the hacker magazine Phrack. The message was blunt.

“You are driven by financial greed, to enrich your leaders, and to fulfill their political agenda,” wrote hackers ‘Saber’ and ‘cyb0rg,’ adding that Kimsuky’s methods are morally corrupt. They accused the group of working for state orders instead of pursuing hacking for skill or curiosity.

It’s an unusually public dressing-down — made sharper by the fact it came from within the hacker community.

What the Leak Contains

The 8.9GB trove, now hosted by Distributed Denial of Secrets (DDoSecrets), includes an array of internal tools, source code, and stolen information. While some of the material has been seen before, researchers say the connections between assets give fresh insight into Kimsuky’s operations.

Highlights from the leak:

  • Phishing logs targeting multiple dcc.mil.kr (Defense Counterintelligence Command) accounts.

  • Source code for South Korea’s Ministry of Foreign Affairs “Kebi” email platform — webmail, admin, and archive modules.

  • Curated lists of South Korean university professors and citizen certificate data.

  • A PHP “Generator” toolkit for building phishing sites with evasion features.

  • Live phishing kits and various unknown binary archives and executables.

Some of the more notable finds include Cobalt Strike loaders, reverse shells, and Onnara proxy modules hidden in VMware caches, plus browsing histories showing VPN purchases, GitHub activity, and visits to Taiwanese government and military websites.

Evidence of Operational Habits

The leaked Chrome histories and bash logs paint a picture of how Kimsuky operators work day-to-day. Records show SSH connections to internal systems, regular translation of Chinese error messages via Google Translate, and use of popular hacking forums such as Freebuf and Xaker.

One security researcher familiar with APT investigations noted that while not all files are unique or new, “the contextual linking is what’s important here — it’s a spiderweb map of their operations.”

Potential Impact on Kimsuky

Security analysts believe this breach is unlikely to dismantle Kimsuky outright. The group has operated since at least 2013 and has survived other public exposures. However, the leak could force the group to rebuild parts of its infrastructure, abandon compromised tools, and pause certain operations.

APT groups often rely on secrecy for persistence. When their methods are “burned” publicly, it creates friction. That friction can delay attacks, cost money, and expose operatives to tracking.

A First in Hacker Politics?

It’s rare to see hackers openly target another hacking group over ethics, especially across geopolitical lines. The fact that Saber and cyb0rg timed the leak with DEF CON and published in Phrack adds a performative element — a stage for their denunciation.

Whether it’s a one-off act of hacker vigilantism or the start of a trend remains to be seen. But for Kimsuky, the embarrassment is immediate, and the operational headaches are likely already underway.

Hayden Patrick is a writer who specializes in entertainment and sports. He is passionate about movies, music, games, and sports, and he shares his opinions and reviews on these topics. He also writes on other topics when there is no one available, such as health, education, business, and more.