TZUTC: -0500   
   MSGID: 1361.consprcy@1:2320/105 2d01cd45   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   Notorious North Korean hacking group Kimsuky gets hacked itself - revealing   
   some of its deepest secrets   
      
   Date:   
   Tue, 12 Aug 2025 16:04:00 +0000   
      
   Description:   
   A hacker with a conscience targeted Kimsuky and leaked tools, logs, and more.   
      
   FULL STORY   
      
   Kimsuky, a notorious North Korean state-sponsored threat actor , has been   
   hacked by someone who claims not to be a cybercriminal but rather - an   
   "artist".    
      
   The database is 8.9GB in size, and can be found on the Distributed Denial of   
   Secrets website, containing logs, tools, and infrastructure used by the    
   group, exposing their tactics, techniques, and procedures.    
      
   The haul contains phishing logs showing an attack against The Defense   
   Counterintelligence Command (South Korean military intelligence security   
   agency), different targeted domains, archives with the complete source code    
   of South Koreas Ministry of Foreign Affairs email platform (including    
   webmail, admin, and other modules), a list of South Korean university   
   professors, a toolkit for building phishing sites, Cobalt Strike loaders, and   
   more.   
      
   Driven by greed    
      
   Kimsuky is notorious for its cyber-espionage campaigns. The groups earliest   
   sightings were back in 2012, and since then, it was credited with numerous   
   attacks against government agencies, think tanks, research institutions, and   
   media outlets. It is particularly focused on Korean Peninsula affairs,    
   nuclear policy, and foreign relations.    
      
   The hacker, going by Saber / cyb0rg, slammed Kimsuky for advancing state   
   agendas:    
      
   Kimsuky, you are not a hacker. You are driven by financial greed, to enrich   
   your leaders, and to fulfill their political agenda, a letter accompanying    
   the dump reads. You steal from others and favor your own. You value yourself   
   above the others: You are morally perverted.    
      
   You hack for all the wrong reasons, the letter concluded.    
      
   Although a commendable effort, this leak will probably not completely stop   
   Kimsuky, a state-sponsored actor with formidable resources.    
      
   However, since many tools and methods have been burned, it could slow the   
   group down, expose current campaigns, and force it to start from scratch in   
   some cases.    
      
    Via BleepingComputer   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/notorious-north-korean-hacking-group-ki   
   msuky-gets-hacked-itself-revealing-some-of-its-deepest-secrets   
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426