Amid North Korea's active hacking activities to acquire foreign currency such as cryptocurrency, claims have emerged that a computer used by North Korean hackers was hacked to secure internal information. The information technology (IT) media outlet TechCrunch reported on the 12th (local time) that two hackers infiltrated a work computer used by a hacker from the North Korean hacker group 'Kimsuki.'
Those using the pseudonyms 'Saber' and 'Cyborg' disclosed their hacking activities in the latest issue of the cybersecurity electronic magazine 'Phrack,' revealing that a hacker known as 'Kim' is affiliated with the North Korean reconnaissance bureau's advanced persistent threat (APT) group 'Kimsuki.' 'Kimsuki' primarily targets the South Korean government and various agencies while being known to be involved in the theft and laundering of cryptocurrency to fund North Korea's nuclear weapons program.
The two hackers stated that through this hacking incident, they confirmed evidence that 'Kimsuki' closely collaborates with Chinese government hackers, sharing tools and techniques. They also discovered evidence of infiltrations into the South Korean government networks and multiple corporations, but did not disclose the names of specific agencies and corporations. Additionally, various internal materials, including email addresses, hacking tools, internal manuals, and passwords, were secured.
Clues that led to identifying the hacker 'Kim' included file settings and past domain records related to 'Kimsuki.' In particular, 'Kim' exhibited a strict work pattern, arriving at 9 a.m. and logging off at 5 p.m. based on Pyongyang time, the two hackers added. This case is regarded as a rare opportunity to directly observe the internal workings of North Korean hacking organizations.