Global Economic Times

North Korean Hacker 'Kimsuky' Computer Hacked... Evidence of Infiltration into South Korean Government and Businesses Found: KO YONG-CHUL Reporter / Updated : 2025-08-13 08:52:13

A working computer belonging to a hacker from the North Korean hacking organization 'Kimsuky' has reportedly been infiltrated by external hackers, leading to the discovery of concrete evidence of attacks on South Korean government agencies and businesses. This is considered an almost unprecedented case that provides a look into the internal activities of a North Korean hacking group.

According to a report by the IT specialized media outlet TechCrunch, hackers named 'Saber' and 'Cyborg' revealed this information in an article for the latest issue of the cybersecurity e-magazine 'Phrack'. They stated that they infiltrated a computer used by a North Korean hacker named 'Kim' and looked into the group's internal activities through a virtual machine and a virtual private server (VPS).

'Kim' has been identified as a member of the 'Kimsuky' hacking organization, which is under the North Korean Reconnaissance General Bureau. 'Kimsuky' is an Advanced Persistent Threat (APT) group known for targeting government agencies and other entities in various countries, including South Korea, that are of interest to North Korean intelligence. They also carry out cybercrime operations and are a primary means of stealing and laundering virtual assets to fund North Korea's nuclear weapons development.

Through this hack, evidence was reportedly found that 'Kimsuky' had infiltrated the networks of the South Korean government and several businesses. While the hackers did not disclose the specific names of the agencies and companies, they stated that they secured various data, including tools used for hacking, internal manuals, and passwords. They also claimed to have found evidence that 'Kimsuky' openly cooperates with Chinese government hackers, sharing technologies and tools.

The hackers explained that they were able to identify 'Kim' as a North Korean hacker through various traces, such as file settings and domains known to be used by 'Kimsuky'. Notably, 'Kim' was found to adhere to a strict work schedule, logging in around 9 AM and logging out around 5 PM Pyongyang time every day.

This incident is expected to provide important clues for a three-dimensional understanding of the North Korean hacking organization's methods and scale. It is drawing attention as a significant opportunity to grasp the true nature of the threat in a more practical way by directly infiltrating a hacker's computer to secure internal information, moving beyond the traditional methods of security research or company data breach analysis.