The North Korean state-sponsored hacking group Kimsuky suffered a data breach when two hackers, Saber and cyb0rg, stole the group's data and leaked it publicly. The leak exposed phishing logs, source code of South Korea's Ministry of Foreign Affairs email platform, South Korean citizen certificates, phishing toolkits, and operational details. The data, hosted on Distributed Denial of Secrets, includes internal tools, stolen data, and infrastructure details, which could disrupt Kimsuky's ongoing campaigns. The two hackers said they acted out of ethical opposition to Kimsuky's activities, and the material gives defenders insight into the group's methods.
TPRM report: https://www.rankiteo.com/company/security-joes
{
  "id": "sec215081225",
  "linkid": "security-joes",
  "type": "Breach",
  "date": "8/2025",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'industry': 'Cyber Espionage',
                        'location': 'North Korea',
                        'name': 'Kimsuky',
                        'type': 'State-sponsored hacking group'}],
 'data_breach': {'data_exfiltration': True,
                 'file_types_exposed': '.7z, .tar.gz, .bin',
                 'personally_identifiable_information': 'South Korean citizen certificates, curated lists of university professors',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Phishing logs, source code, citizen certificates, phishing toolkits, binary archives, Cobalt Strike loaders, Chrome history, Bash history'},
 'description': "The North Korean state-sponsored hackers known as Kimsuky suffered a data breach after two hackers, Saber and cyb0rg, stole the group's data and leaked it publicly online. The hackers cited ethical reasons for their actions, claiming Kimsuky is driven by political agendas and financial greed.",
 'impact': {'data_compromised': 'Phishing logs, source code, citizen certificates, phishing toolkits, binary archives, Cobalt Strike loaders, Chrome history, Bash history',
            'operational_impact': 'Operational difficulties and disruptions to ongoing campaigns for Kimsuky'},
 'motivation': "Ethical reasons, opposition to Kimsuky's political agenda and financial greed",
 'ransomware': {'data_exfiltration': True},
 'references': [{'source': 'BleepingComputer'},
                {'source': 'Phrack'},
                {'source': 'Distributed Denial of Secrets'}],
 'threat_actor': 'Saber and cyb0rg',
 'title': 'Kimsuky Data Breach by Saber and cyb0rg',
 'type': 'Data Breach'}