North Korean Hackers Explain Their Motives - Inside Story

North Korean Hacker Exposed by Fellow Hackers
Earlier in the year, a security breach occurred when two individuals successfully infiltrated a computer system. They quickly ascertained the importance of the compromised machine.
The pair discovered they had gained access to the computer belonging to an individual believed to be affiliated with the North Korean government’s hacking operations.
Discovery of Cyberespionage Activities
Further investigation led the hackers to uncover evidence suggesting the individual’s involvement in cyberespionage activities conducted by North Korea. This included the identification of exploits, hacking tools, and the infrastructure utilized in these operations.
Saber, one of the hackers, revealed to TechCrunch that they maintained access to the North Korean government worker’s computer for approximately four months. Upon understanding the nature of the data obtained, they determined that its public disclosure was essential.
“Nation-state actors engage in hacking for unethical purposes. It is my hope that more of their activities will be brought to light, as they are deserving of exposure,” Saber stated, following the publication of an article detailing their findings in the renowned hacking e-zine, Phrack.
Tracking North Korean Hacking Groups
Numerous cybersecurity firms and researchers diligently monitor the activities of the North Korean government and its associated hacking groups. This includes tracking espionage operations, substantial cryptocurrency thefts, and operations involving North Korean individuals posing as remote IT professionals to finance the regime’s nuclear weapons program.
Saber and cyb0rg took a unique approach by directly hacking the hackers themselves. The operation offers potentially novel insights into how these government-backed groups work, including their day-to-day activities.
Motivations and Risks
The hackers, identifying themselves only as Saber and cyb0rg, have chosen to remain anonymous due to the potential for retaliation from the North Korean government, and potentially other entities. Saber described their actions as motivated by hacktivism, citing the legendary hacktivist Phineas Fisher – known for targeting spyware developers FinFisher and Hacking Team – as a source of inspiration.
While acknowledging the illegal nature of their actions, the hackers believed that publicizing their findings was paramount.
“Restricting this information to ourselves would have offered limited benefit,” Saber explained. “By releasing it publicly, we aim to provide researchers with additional methods for detection.”
He further expressed hope that this disclosure would lead to the identification of current victims and the disruption of the North Korean hackers’ access.
“Regardless of legality, this action has yielded tangible artifacts for the community, and that is of greater importance,” cyb0rg communicated through Saber.
Possible Dual Allegiance
Saber believes the hacker, referred to as “Kim,” may work for both the North Korean and Chinese governments. This conclusion is based on observations that Kim did not work during Chinese national holidays, suggesting a potential base of operations in China.
Additionally, Saber noted instances where Kim utilized Google Translate to convert Korean documents into simplified Chinese.
A Lost Cause?
Saber refrained from attempting to contact Kim directly. “I doubt he would be receptive; his actions solely serve to empower his leaders, the same leaders who oppress his own people,” he stated. “I would encourage him to utilize his skills to assist others, rather than inflict harm. However, he exists within a constant state of propaganda and has likely been subjected to it since birth, rendering such appeals meaningless.” This refers to the limited access to external information experienced by North Korean citizens.
Maintaining Operational Security
Saber declined to reveal the specific methods used to gain access to Kim’s computer, saying the same techniques might be used again to access other systems.
During their operation, Saber and cyb0rg discovered evidence of ongoing attacks carried out by Kim against companies located in South Korea and Taiwan. They claim to have contacted and alerted these organizations.
Awareness of Potential Retaliation
North Korean hackers have a documented history of targeting individuals within the cybersecurity industry. Saber acknowledged this risk but expressed a lack of significant concern.
“While little can be done to prevent such actions, increased vigilance is certainly warranted,” Saber said.
