\n<\/p>\n
Earlier this year, two hackers broke into a computer and soon realized the significance of what this machine was. As it turned out, they had landed on the computer of a hacker who allegedly works for the North Korean government<\/a>.\u00a0<\/p>\n The two hackers decided to keep digging and found evidence that they say linked the hacker to cyberespionage operations carried out by North Korea, exploits and hacking tools, and infrastructure used in those operations.\u00a0<\/p>\n Saber, one of the hackers involved, told TechCrunch that they had access to the North Korean government worker\u2019s computer for around four months, but as soon as they understood what data they got access to, they realized they eventually had to leak it and expose what they had discovered.<\/p>\n \u201cThese nation-state hackers are hacking for all the wrong reasons. I hope more of them will get exposed; they deserve to be,\u201d said Saber, who spoke to TechCrunch after he and cyb0rg published an article in the legendary hacking e-zine Phrack<\/a>, disclosing details of their findings.\u00a0<\/p>\n There are countless cybersecurity companies and researchers who closely track anything the North Korean government and its many hacking groups are up to, which includes espionage operations, as well as increasingly large<\/a> crypto<\/a> heists<\/a> and wide-ranging operations where North Koreans pose as remote IT workers<\/a> to fund the regime\u2019s nuclear weapons program.<\/p>\n In this case, Saber and cyb0rg went one step further and actually hacked the hackers, an operation that can give more, or at least different, insights into how these government-backed groups work, as well as \u201cwhat they are doing on a daily basis and so on,\u201d as Saber put it.\u00a0<\/p>\n The hackers want to be known only by their handles, Saber and cyb0rg, because they may face retaliation from the North Korean government, and possibly others. Saber said that they consider themselves hacktivists, and he name-dropped legendary hacktivist Phineas Fisher<\/a>, responsible for hacking spyware makers FinFisher<\/a> and Hacking Team<\/a>, as an inspiration.\u00a0<\/p>\n Techcrunch event<\/p>\n \n\t\t\t\t\t\t\t\t\tSan Francisco<\/span> At the same time, the hackers also understand that what they did is illegal, but they thought it was nonetheless important to publicize it.\u00a0<\/p>\n \u201cKeeping it for us wouldn\u2019t have been really helpful,\u201d said Saber. \u201cBy leaking it all to the public, hopefully we can give researchers some more ways to detect them.\u201d<\/p>\n \u201cHopefully this will also lead to many of their current victims being discovered and so to [the North Korean hackers] losing access,\u201d he said.<\/p>\n \u201cIllegal or not, this action has brought concrete artifacts to the community; this is more important,\u201d said cyb0rg in a message sent through Saber.<\/p>\n Saber said they are convinced that while the hacker \u2014 who they call \u201cKim\u201d \u2014 works for North Korea\u2019s regime, they may actually be Chinese and work for both governments, based on their findings that Kim did not work during holidays in China, suggesting that the hacker may be based there.\u00a0<\/p>\n Also, according to Saber, at times Kim translated some Korean documents into simplified Chinese using Google Translate.\u00a0<\/p>\n Saber said that he never tried to contact Kim. \u201cI don\u2019t think he would even listen; all he does is empower his leaders, the same leaders who enslave his own people,\u201d he said. \u201cI\u2019d probably tell him to use his knowledge in a way that helps people, not hurt them. But he lives in constant propaganda and likely since birth so this is all meaningless to him.\u201d He\u2019s referring to the strict information vacuum that North Koreans live in, as they are largely cut off from the outside world.<\/p>\n Saber declined to disclose how he and cyb0rg got access to Kim\u2019s computer, given that the two believe they can use the same techniques to \u201cobtain more access to some other of their systems the same way.\u201d\u00a0<\/p>\n During their operation, Saber and cyb0rg found evidence of active hacks carried out by Kim, against South Korean and Taiwanese companies, which they say they contacted and alerted.\u00a0<\/p>\n North Korean hackers have a history of targeting people who work in the cybersecurity industry as well. That\u2019s why Saber said he is aware of that risk, but \u201cnot really worried.\u201d\u00a0<\/p>\n \u201cNot much can be done about this, definitely being more careful though :),\u201d said Saber.<\/p>\n We\u2019re always looking to evolve, and by providing some insight into your perspective and feedback into TechCrunch and our coverage and events, you can help us!\u00a0<\/em>Fill out this survey to let us know how we\u2019re doing<\/em><\/a>\u00a0and get the chance to win a prize in return!<\/em><\/p>\n<\/div>\n
\n\t\t\t\t\t\t\t\t\t\t\t\t\t|<\/span>
\n\t\t\t\t\t\t\t\t\t\t\t\t\tOctober 27-29, 2025<\/span>\n\t\t\t\t\t\t\t<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/div>\n
\n