Earlier this yr, two hackers broke into a pc and shortly realized the importance of what this machine was. Because it turned out, they’d landed on the pc of a hacker who allegedly works for the North Korean authorities.
The 2 hackers determined to maintain digging and located proof that they are saying linked the hacker to cyberespionage operations carried out by the North Korean authorities, exploits and hacking instruments, and infrastructure utilized in these operations.
Saber, one of many hackers concerned, instructed information.killnetswitch that they’d entry to the North Korean authorities employee’s pc for round 4 months, however as quickly as they understood what information they received entry to, they realized they finally needed to leak it and expose what they’d found.
“These nation state hackers are hacking for all of the incorrect causes, I hope extra of them will get uncovered, they should be,” stated Saber, who spoke to information.killnetswitch after he and cyb0rg revealed an article within the legendary hacking e-zine Phrack, disclosing particulars of their findings.
There are numerous cybersecurity corporations and researchers who intently observe something the North Korean authorities, and its many hacking teams are as much as, which incorporates espionage operation but in addition more and more massive crypto heists, in addition to wide-ranging operations the place North Koreans pose as distant IT employees to fund the regime’s nuclear weapons program.
On this case, Saber and cyb0rg went one step additional and really hacked the hackers, an operation that may give extra, or at the very least totally different, insights into how these government-backed teams work, as nicely las “what they’re doing every day and so forth,” as Saber put it.
The hackers wish to be recognized solely by their handles, Saber and cyb0rg, as a result of they might face retaliation from the North Korean authorities, and probably others. Saber stated that they contemplate themselves hacktivists, and he namedropped legendary hacktivist Phineas Fisher, answerable for hacking adware makers FinFisher and Hacking Crew, as an inspiration.
Techcrunch occasion
San Francisco
|
October 27-29, 2025
On the similar time, the hackers additionally perceive that what they did is prohibited, however they thought it was nonetheless essential to publicize it.
“Preserving it for us wouldn’t have been actually useful,” stated Saber. “By leaking all of it to the general public hopefully we may give researchers some extra methods to detect them.”
“Hopefully this will even result in lots of their present victims being found and so to [the North Korean hackers] dropping entry,” he stated.
“Unlawful or not, this motion has introduced concrete artifacts to the neighborhood, that is extra essential,” stated cyb0rg, in a message despatched by way of Saber.
Saber stated they’re satisfied that whereas the hacker — whom they name “Kim” — works for North Korea’s regime, they might really be Chinese language and work for each governments, based mostly on their findings that Kim didn’t work throughout holidays in China, suggesting that the hacker could also be based mostly there.
Additionally, based on Saber, at instances Kim translated some Korean paperwork into simplified Chinese language utilizing Google Translate.
Saber stated that he by no means tried to contact Kim. “I don’t suppose he would even hear, all he does is empower his leaders, the identical leaders who enslave his personal individuals,” he stated. “I’d in all probability inform him to make use of his data in a manner that helps individuals, not damage them. However he lives in fixed propaganda and certain since beginning so that is all meaningless to him,” referring to the strict data vacuum that North Koreans reside in, as they’re largely reduce off from the skin world.
Saber declined to reveal how he and cyb0rg received entry to Kim’s pc, on condition that the 2 imagine they’ll use the identical strategies to “get hold of extra entry to another of their techniques the identical manner.”
Throughout their operation, Saber and cyb0rg discovered proof of lively hacks carried out by Kim, in opposition to South Korean and Taiwanese corporations, which they are saying they contacted and alerted.
North Korean hackers have a historical past of concentrating on individuals who work within the cybersecurity trade as nicely. That’s why Saber stated he’s conscious of that danger, however “not likely anxious.”
“Not a lot might be completed about this, positively being extra cautious although :),” stated Saber.
