Hackers Infiltrate Alleged North Korean Operative’s Computer, Leak Evidence of Cyberespionage
August 21, 2025
Two hackers say they broke into the computer of an alleged North Korean government-linked operative earlier this year, uncovering evidence of espionage campaigns, custom exploits, and infrastructure used in state-sponsored cyber operations.
The hackers, who go by the handles Saber and cyb0rg, claim they maintained access to the machine for about four months before deciding to leak their findings. They published their discoveries in the long-running hacker zine Phrack, disclosing details that they argue could help researchers track and defend against North Korean hacking groups.
“These nation-state hackers are hacking for all the wrong reasons,” Saber said. “I hope more of them will get exposed; they deserve to be.”
North Korean hacking groups are already heavily scrutinized by cybersecurity firms and intelligence agencies. Their activities range from espionage campaigns against foreign governments to cryptocurrency thefts worth billions, as well as elaborate schemes where operatives pose as remote IT workers to funnel money back to the regime.
What sets Saber and cyb0rg’s effort apart is that they claim to have hacked the hackers themselves. According to them, this provided a window into the day-to-day activities of a state-backed operator — details that are often difficult to obtain through conventional cybersecurity research.
The hackers insist on remaining anonymous, citing fears of retaliation from North Korea or others. They describe themselves as hacktivists, drawing inspiration from figures like Phineas Fisher, who previously targeted surveillance companies.
Both acknowledge their actions were illegal but argue that disclosure was necessary. “Keeping it for us wouldn’t have been really helpful,” Saber said. “By leaking it all to the public, hopefully we can give researchers more ways to detect them — and maybe help victims cut off their access.”
Their findings suggest that the hacker they tracked — whom they call “Kim” — may straddle both Chinese and North Korean affiliations. Saber pointed to evidence such as avoiding work during Chinese public holidays and translating Korean documents into simplified Chinese with online tools.
During their operation, Saber and cyb0rg say they found evidence of ongoing attacks against South Korean and Taiwanese companies, which they claim to have privately alerted. They did not disclose the methods they used to infiltrate Kim’s computer, saying they intend to reuse those techniques to continue targeting similar systems.
Despite the risks, Saber said he is not overly concerned about becoming a target himself. “Not much can be done about this,” he said, though he added he is taking extra precautions.