Two hackers gained access to a computer earlier this year and quickly recognized the importance of the device. They had, in fact, landed on the computer of a hacker who is purportedly employed by the North Korean government.
The two hackers chose to continue their investigation and discovered information that they claim connected the hacker to North Korean cyberespionage activities, hacking tools and exploits, and infrastructure utilized in those activities.
One of the hackers, Saber, told TechCrunch that they had been able to access the computer of the North Korean government employee for almost four months, but they recognized they had to share the information they had found as soon as they realized what they had access to.
“The motivations behind these nation-state hackers’ hacking are completely wrong,” Saber told TechCrunch after he and Cyb0rg published a piece in the renowned hacking e-zine Phrack detailing their findings. “I hope more of them will get revealed; they deserve to be.”
Numerous cybersecurity firms and researchers keep a close eye on everything the North Korean government and its numerous hacker groups do, including espionage operations, increasingly massive cryptocurrency thefts, and extensive schemes in which North Koreans impersonate remote IT workers in order to finance the regime’s nuclear weapons program.
In this instance, Saber and Cyb0rg actually hacked the hackers, which can provide additional or different insights into the operations of these government-backed organizations and “what they are doing on a daily basis and so on,” as Saber described it.
Because the North Korean government and possibly others could retaliate against them, the hackers prefer to be identified solely by their handles, Saber and Cyb0rg. They call themselves hacktivists, Saber said, citing as an inspiration the renowned hacktivist Phineas Fisher, who broke into the spyware companies FinFisher and Hacking Team.
Although the hackers are aware that what they did is against the law, they felt it was still necessary to make the public aware of it.
“It would not have been really useful to save it for us,” Saber remarked. “Hopefully, by making everything public, we can provide researchers with more methods to identify them.”
He expressed hope that this would also result in the discovery of many of their present victims, which would prevent [the North Korean hackers] from gaining access.
Cyb0rg stated in a message delivered through Saber that “this activity has brought concrete artifacts to the community; this is more important, illegal or not.”
Saber said they are confident that although the hacker, whom they call “Kim,” works for North Korea’s dictatorship, Kim may actually be Chinese and work for both nations. They base this on their findings that Kim did not work during holidays in China, which suggests that the hacker may be based there.
Additionally, Saber claims that Kim occasionally used Google Translate to convert some Korean texts into simplified Chinese.
Saber claimed he never made an effort to get in touch with Kim. “He empowers his leaders, the same leaders who enslave his own people,” he claimed, adding that Kim probably would not even listen. “I would definitely advise him to apply his expertise in a way that benefits others rather than harms them. However, he has probably been exposed to propaganda since birth, so this is all useless to him,” Saber said, referring to the severe information vacuum that North Koreans live in because they are mainly isolated from the outside world.
Saber declined to reveal how they gained access to Kim’s PC, given that he and Cyb0rg think they can use the same methods to “get more access to some other of their systems the same way.”
During their operation, Saber and Cyb0rg discovered evidence of ongoing hacks by Kim against Taiwanese and South Korean organizations, which they claim they contacted and warned.
Hackers from North Korea have a history of focusing on cybersecurity professionals. Saber stated that while he is aware of this risk, he is “not particularly frightened.”
“There is not much we can do about that, but we can surely be more cautious,” Saber remarked.