Two self-described hacktivists broke into a workstation belonging to a North Korean government-affiliated hacker—then took the bold step of exposing the contents online. Known by their handles Saber and cyb0rg, they monitored the account for four months before publishing their findings in the hacker magazine Phrack.
Data Protection and DPDP Act Readiness: Hundreds of Senior Leaders Sign Up for CDPO Program
Hacking the Hidden: What Motivated the Exposure
Saber told TechCrunch that once they realized whose computer they had breached, they faced a moral choice. “These nation-state hackers are hacking for all the wrong reasons,” he said. “I hope more of them will get exposed—they deserve to be.”
Rather than sit on the data, the duo decided to make it public. “Keeping it for us wouldn’t have been really helpful,” Saber explained. “By leaking it all to the public, hopefully we can give researchers more ways to detect them.” Cyb0rg added, “Illegal or not, this action has brought concrete artifacts to the community—that is more important.”
What the Leak Revealed and Why It Matters
Their breach uncovered evidence of North Korean cyberespionage operations, including tools, exploits, and infrastructure. They shared details showing the target—referred to as “Kim”—used a setup tied to Kimsuky (also known as APT43 or Thallium), a group linked to intelligence-gathering operations targeting South Korea and beyond. Kimsuky is known for cyberattacks on think tanks, nuclear bodies, and diplomatic entities.
The data dump included communication records, a virtual private server login, and hints suggesting cooperation between the “Kim” operative and Chinese-affiliated hackers. The duo also observed suspicious patterns—such as translating Korean texts into simplified Chinese—raising questions about the hacker’s true location and affiliations.
Saber and cyb0rg noted the legal risks they face, including retaliation from a powerful regime. Yet they say their goal is to shine light on otherwise invisible operations. As Saber put it: “I’d probably tell [the hacker] to use his knowledge in a way that helps people, not hurt them.”
