North Korean hacker's secrets leaked online; Kimsuky's attacks laid bare
A big North Korean cyber-espionage operation just got exposed after hackers Saber and cyb0rg broke into the computer of a hacker called "Kim," as reported on August 12, 2025.
They grabbed nearly 9GB of sensitive stuff—think internal guides, passwords, phishing kits, hacking tools, and emails.
"Kim" is linked to the Kimsuky group (APT43), which is known for targeting South Korean government agencies and stealing crypto to help fund North Korea's nuclear program.
The hacker's secrets are now public
By digging through digital clues like domain links and work hours in Pyongyang, Saber and cyb0rg confirmed Kim's North Korean ties.
The files show direct attacks on South Korea's Ministry of Foreign Affairs and Defense Counterintelligence Command.
Even though hacking back is illegal, prosecution isn't likely since North Korea is so isolated. Still, this rare leak means Kimsuky now has to rebuild parts of its operation—and cybersecurity teams worldwide have new intel to defend against future attacks.
The files are now public thanks to DDoSecrets and were detailed in Phrack magazine.