Hackers Infiltrate North Korean Operative’s Computer, Leak Espionage Data

Two vigilante hackers turned the tables on a North Korean government-backed cyber operative, leaking espionage data to the public.

Emmanuella Madu

Earlier this year, two hackers broke into a computer and soon realized the significance of the machine. As it turned out, they had landed on the computer of a hacker who allegedly works for the North Korean government.

The two hackers decided to keep digging and found evidence that they say linked the hacker to cyberespionage operations carried out by North Korea, along with exploits, hacking tools, and infrastructure used in those operations.

Saber, one of the hackers involved, said that they had access to the North Korean government worker’s computer for around four months. Once they understood what data they had access to, they decided to leak it publicly.

“These nation state hackers are hacking for all the wrong reasons, I hope more of them will get exposed, they deserve to be,” said Saber, who spoke after he and fellow hacker cyb0rg published an article in the legendary hacking e-zine Phrack, disclosing details of their findings.

North Korean hacking groups are notorious for espionage, large-scale crypto heists, and operations where agents pose as remote IT workers to funnel money into the regime’s nuclear program. In this case, Saber and cyb0rg went a step further, hacking the hackers themselves.

The hackers, identified only by their handles, said they risk retaliation but felt compelled to act. They compare themselves to hacktivist Phineas Fisher, who previously targeted spyware firms.

“Keeping it for us wouldn’t have been really helpful,” Saber said. “By leaking it all to the public hopefully we can give researchers some more ways to detect them.”

Evidence found on the computer suggested the hacker, dubbed “Kim,” targeted South Korean and Taiwanese companies, which Saber and cyb0rg claim they alerted. They also suspect “Kim” may be Chinese and working for both governments, based on work patterns and language use.

Despite knowing their actions were illegal, the pair believe their leak provided valuable insights. “Illegal or not, this action has brought concrete artifacts to the community, this is more important,” said cyb0rg.

Saber added that he never tried to contact Kim directly: “I’d probably tell him to use his knowledge in a way that helps people, not hurt them… but he lives in constant propaganda.”

The hackers said they plan to use the same techniques to infiltrate other systems but remain cautious, aware of North Korea’s history of retaliating against security professionals.
