Date: 2025-08-12

Hackers 'Saber' and 'cyb0rg' stole and exposed an 8.9 GB data trove belonging to the North Korean state-backed advanced persistent threat operation Kimsuky, in retaliation for the APT's wrongful attacks, which were driven by "political agendas" and "financial greed", reports BleepingComputer.
Aside from phishing logs with various Defense Counterintelligence Command email accounts, multiple targeted domains, and a .7z archive with the entire source code of the South Korean Ministry of Foreign Affairs email platform, the Kimsuky data dump, which has been added to the Distributed Denial of Secrets site, also included a PHP Generator toolkit for phishing site development, live phishing kits, and unknown binary archives and executables, the hackers noted in the latest issue of Phrack magazine, distributed at the DEF CON 33 conference. The hackers also touted the inclusion of Kimsuky's Cobalt Strike loaders, Onnara proxy modules, and Bash history with SSH connections to internal systems in the leaked data. Such data exposure, which is yet to be verified by security researchers, could hinder Kimsuky's operations, noted BleepingComputer.
