and shares their tools and techniques,” the hackers wrote.
Obviously, what Saber and cyb0rg did is technically a crime, although they will likely never be prosecuted for it, considering North Korea is sanctioned up to its eyeballs. The two hackers clearly believe Kimsuky members deserve to be exposed and embarrassed.
“Kimsuky, you’re not a hacker. You are driven by financial greed, to enrich your leaders, and to fulfill their political agenda. You steal from others and favour your own. You value yourself above the others: You are morally perverted,” the two wrote in Phrack. “You hack for all the wrong reasons.”
Saber and cyb0rg claim to have found evidence of Kimsuky compromising several South Korean government networks and companies, email addresses, and hacking tools used by the Kimsuky group, internal manuals, passwords, and more data.
Emails sent to the addresses allegedly belonging to the hackers, which were listed in the research, went unanswered.
The hackers wrote that they were able to identify Kim as a North Korean government hacker, thanks to “artifacts and hints” that pointed in that direction, including files configurations and domains previously attributed to the North Korean hacking group Kimsuky.
The hackers also noted Kim’s “strict office hours, always connecting at around 09:00 and disconnecting by 17:00 Pyongyang time.”