Hackers have released 9GB of files from an alleged North Korean hacker, exposing espionage tools, stolen data, and operational secrets.

Quick Summary – TLDR:

  • Two hackers leaked 9GB of alleged Kimsuky cyber espionage files during DEF CON.
  • Data includes phishing logs, stolen credentials, and source code of a South Korean government email platform.
  • Leak exposes tools, infrastructure, and operational methods used by the group.
  • Security experts say the files are a rare insight into advanced threat actor operations.

What Happened?

Two hackers, using the names Saber and cyb0rg, claim to have accessed systems used by an operator tied to the North Korean linked hacking group Kimsuky. The pair say they acted on principle, accusing Kimsuky of hacking in service of a political agenda rather than for its own sake.

The stolen files, totaling 8.9GB, were released publicly during DEF CON 33 in Las Vegas through the 40th anniversary issue of the legendary hacker magazine Phrack. The data is now hosted on the Distributed Denial of Secrets (DDoSecrets) website for free download.

The Unprecedented Leak at DEF CON

Unlike many leaks that surface on underground forums or through accidental server exposures, this breach was deliberately shared at one of the world's best known hacking conferences. According to the leakers, they breached a virtual workstation and a virtual private server linked to "KIM," a suspected Kimsuky operator. Some experts note it is also possible the person is based in China, which illustrates how difficult attribution is in cyber espionage.

Inside the 9GB Archive

The leaked files contain a wide range of materials that reveal the group’s methods and possible targets. Key details include:

  • Phishing logs targeting South Korea’s Defense Counterintelligence Command and domains like spo.go.kr, korea.kr, daum.net, kakao.com, and naver.com.
  • A .7z archive containing the complete source code for South Korea’s Ministry of Foreign Affairs “Kebi” email system, including webmail, admin, and archive modules.
  • Lists of South Korean citizen certificates and curated profiles of university professors.
  • A PHP Generator toolkit for creating phishing sites with evasion and redirection capabilities.
  • Live phishing kits and unidentified binary archives such as voS9AyMZ.tar.gz and Black.x64.tar.gz.
  • Cobalt Strike loaders, reverse shells, and proxy modules found in VMware cache.
  • Browser history linking to suspicious GitHub accounts, VPN purchases via Google Pay, and visits to Taiwanese government and military sites.
  • Bash history logs showing SSH connections to internal systems.
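Several of the artifacts above (bash history with SSH connections, phishing logs full of victim addresses) are the kind of thing a defender triages first after a dump like this lands. The following is an added example, not code from the article, from Phrack or from the leak: it pulls SSH targets out of shell history, flags the ones that look like internal systems, and counts captured credentials per watchlisted victim domain. Every input line is constructed for the example; the log format is an assumption, and the watchlist is simply the domains named above.

```python
"""Triage helpers for operator artifacts of the kind described above.

Added example. All sample input is constructed; nothing here comes from the
leaked archive, and the phishing-log format is assumed, not observed.
"""
import ipaddress
import re
import shlex
from collections import Counter

# Victim domains the article names; treated as a watchlist (subdomains match).
WATCHLIST = ("spo.go.kr", "korea.kr", "daum.net", "kakao.com", "naver.com")

# OpenSSH single-letter options that consume a following argument.
OPTS_WITH_ARG = set("bBcDEeFIiJLlmOopQRSWw")

EMAIL_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")


def parse_ssh_command(cmd):
    """Return (user, host, port) for an `ssh ...` invocation, else None."""
    try:
        argv = shlex.split(cmd)
    except ValueError:  # unbalanced quotes in a history line
        return None
    if not argv or argv[0] != "ssh":
        return None
    user, port = None, 22
    i = 1
    while i < len(argv):
        tok = argv[i]
        if tok.startswith("-") and len(tok) > 1:
            flag = tok[1]
            if flag in OPTS_WITH_ARG:
                attached = tok[2:]                      # e.g. -p2222
                val = attached or (argv[i + 1] if i + 1 < len(argv) else "")
                if not attached:
                    i += 1
                if flag == "p":
                    try:
                        port = int(val)
                    except ValueError:
                        return None
                elif flag == "l":
                    user = val
            i += 1
            continue
        host = tok                                      # first non-option token
        if "@" in host:
            user, host = host.split("@", 1)
        return (user, host, port)
    return None


def ssh_targets_from_history(history_text):
    """Extract every SSH target from a bash_history-style text blob."""
    targets = []
    for line in history_text.splitlines():
        # Split compound commands so `cd /tmp; ssh host` is still caught.
        for segment in re.split(r"\s*(?:&&|\|\||;|\|)\s*", line):
            parsed = parse_ssh_command(segment)
            if parsed:
                targets.append(parsed)
    return targets


def is_internal(host):
    """Heuristic: private/loopback/link-local IPs, or names with no public suffix."""
    try:
        ip = ipaddress.ip_address(host)
        return ip.is_private or ip.is_loopback or ip.is_link_local
    except ValueError:
        return "." not in host or host.endswith((".internal", ".local", ".lan"))


def domain_hits(log_lines, watchlist=WATCHLIST):
    """Count lines containing an e-mail address, per watchlisted victim domain."""
    hits = Counter()
    for line in log_lines:
        m = EMAIL_RE.search(line)
        if not m:
            continue
        domain = m.group(1).lower()
        for w in watchlist:
            if domain == w or domain.endswith("." + w):
                hits[w] += 1
                break
        else:
            hits["other"] += 1
    return hits


# Constructed samples (documentation IPs and reserved example names only).
SAMPLE_BASH_HISTORY = """\
ls -la
ssh root@10.0.0.5
ssh -p 2222 -i ~/.ssh/id_ed25519 ops@192.168.1.20 && uptime
ssh -l admin webmail.example.internal
cd /tmp; ssh 172.16.4.7
ssh user@bastion.example.com
curl -s http://example.com/
"""

SAMPLE_PHISHING_LOG = """\
2025-08-01T09:12:44Z login user=user1@spo.go.kr ip=203.0.113.10
2025-08-01T09:15:02Z login user=user2@mail.korea.kr ip=203.0.113.11
2025-08-01T09:20:19Z login user=user3@naver.com ip=198.51.100.7
2025-08-01T09:22:40Z login user=user4@naver.com ip=198.51.100.8
2025-08-01T09:30:05Z login user=user5@example.org ip=198.51.100.9
"""

if __name__ == "__main__":
    for user, host, port in ssh_targets_from_history(SAMPLE_BASH_HISTORY):
        tag = "internal" if is_internal(host) else "external"
        print(f"{tag:8} {user or '?'}@{host}:{port}")
    print(dict(domain_hits(SAMPLE_PHISHING_LOG.splitlines())))
```

The SSH parser walks OpenSSH's option grammar rather than grepping for `@`, so `-p2222`, `-l admin` and bare IP targets all resolve to the same (user, host, port) shape, and the internal/external split is an explicit heuristic that a real triage would refine with the victim's actual address plan.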

Rare Insight Into a State Backed Hacking Group

Analysts say the files appear authentic and consistent with real espionage operations. While some items in the leak were already documented, the new material ties multiple tools and campaigns together, providing a more complete view of Kimsuky's infrastructure.

This leak follows similar exposures in the past, such as in 2020 when IBM's X-Force discovered roughly 40GB of data, including training videos in which Iranian hackers demonstrated account hijacking techniques to others.

Although this breach may not permanently damage Kimsuky, it could disrupt ongoing operations and force the group to rebuild infrastructure and change its tradecraft.

SQ Magazine Takeaway

I think this leak is a big deal because it gives the public and researchers a look behind the curtain of a state backed hacking group. Whether you see Saber and cyb0rg as vigilantes or whistleblowers, they have effectively burned a large chunk of Kimsuky’s playbook. That means security teams can now better defend against cyberattacks, at least for a while. It is also a reminder that even the most secretive operators are not untouchable.

Rajesh Namase

Tech Editor

Rajesh Namase is a seasoned tech blogger, digital entrepreneur, and founder of SQ Magazine. Known for creating the popular tech blog TechLila, he now covers cybersecurity and technology news with a focus on how digital trends shape modern life. Rajesh enjoys playing badminton, practicing yoga, and exploring new ideas beyond the screen.