The Shocking Reality of "APT Down: The North Korea Files"

The legendary hacker magazine Phrack, a symbol of hacker culture since 1985, has again shocked the international community. Two hackers known as "Saber" and "cyb0rg" disclosed internal materials containing actual operational traces of Kimsuky — a hacking organization affiliated with North Korea's Reconnaissance General Bureau. The disclosure file is titled "APT Down: The North Korea Files" — a digital document that lays bare North Korean espionage activities.

Key Targets: Korean Defense and Diplomatic Secrets
Records obtained by the hackers show North Korea intensively attacked South Korea's Defense Counterintelligence Command (dcc.mil.kr) and Ministry of Foreign Affairs email servers (mofa.go.kr). The Counterintelligence Command attack method was sophisticated — North Korean hackers created fake login pages identical to the real agency homepage. When victims entered their IDs and passwords, they were transmitted directly to North Korean servers, then redirected to the real site's error page. From the users' perspective it appeared as a simple login failure, but the account credentials had already been stolen. The Foreign Affairs case was more serious — hackers obtained the compressed file "mofa.go.kr.7z" containing the entire source code of the Ministry's internal email system, including code updated through April 2025, demonstrating deep ongoing access.
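One way a defender can hunt for the credential-relay pattern described above (a POST to a lookalike host followed almost immediately by a GET to the genuine site's error page) in web proxy logs, as an added example that is not part of the Phrack files or this article; the log format, the sample lines, and the lookalike host name are constructed for illustration:

```python
import re
from datetime import datetime, timedelta

# Constructed sample proxy log (timestamp, client IP, method, URL); not real traffic.
SAMPLE_LOG = """\
2025-04-02T09:14:03 10.0.0.21 GET  https://dcc.mil.kr/login
2025-04-02T09:15:10 10.0.0.21 GET  https://dcc-mil-kr.example-lookalike.test/login.html
2025-04-02T09:15:42 10.0.0.21 POST https://dcc-mil-kr.example-lookalike.test/login.php
2025-04-02T09:15:43 10.0.0.21 GET  https://dcc.mil.kr/login?error=1
2025-04-02T09:20:00 10.0.0.33 POST https://dcc.mil.kr/login
2025-04-02T09:20:01 10.0.0.33 GET  https://dcc.mil.kr/home
"""

# Hosts whose login forms are genuine; a POST anywhere else that is followed by a
# bounce to one of these is suspicious.
LEGIT_HOSTS = {"dcc.mil.kr", "mofa.go.kr"}
LINE_RE = re.compile(r"^(\S+) (\S+) (GET|POST)\s+(\S+)$")
HOST_RE = re.compile(r"^https?://([^/]+)")

def is_legit(host):
    return any(host == h or host.endswith("." + h) for h in LEGIT_HOSTS)

def parse(log_text):
    """Return (timestamp, client, method, url, host) tuples in log order."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        ts, client, method, url = m.groups()
        host = HOST_RE.match(url).group(1).lower()
        events.append((datetime.fromisoformat(ts), client, method, url, host))
    return events

def find_credential_relays(log_text, window_seconds=30):
    """Flag clients that POSTed to a non-legitimate host and, within the window,
    were sent to a legitimate host's error page. Returns (client, phish_host, legit_url)."""
    events = parse(log_text)  # assumed to be in chronological order
    hits = []
    for i, (ts, client, method, url, host) in enumerate(events):
        if method != "POST" or is_legit(host):
            continue
        for ts2, client2, method2, url2, host2 in events[i + 1:]:
            if ts2 - ts > timedelta(seconds=window_seconds):
                break
            if client2 == client and method2 == "GET" and is_legit(host2) and "error" in url2.lower():
                hits.append((client, host, url2))
                break
    return hits
```

The genuine-login client (10.0.0.33) is not flagged because its POST went to a legitimate host; the 30-second window is a tuning knob, and a real deployment would also key on the referer and the lookalike host's age or certificate history.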

The Phishing Tool "Generator"
One tool Kimsuky used was a phishing management tool called "generator.php" — designed for remote phishing attack control. Administrators could access it with just a cookie value, without a password, and it included a blacklist function blocking security companies like Google and Trend Micro. The traces of "KIM" revealed: Google account records including VPN payment history and Taiwan government/military site access records; Cobalt Strike loader and reverse shell scripts for taking over government networks remotely; VMware use for transferring files between Windows and Linux; Chrome history showing GitHub hacking projects, Chinese/Russian hacking community visits, and even error messages translated into Chinese for analysis. These traces show North Korea operating not merely with hacking capabilities but systematically, at a level where individual hackers' daily patterns are revealed in actual operational execution.

Phrack's disclosure reveals that cyber space is already a new battlefield — malicious code instead of guns, phishing emails instead of spies. North Korea's operational scope extends beyond South Korea to Taiwan government/military sites and broader Asian targets, representing state-level long-term information and psychological warfare. This is a clear warning: South Korea and the international community must strengthen cybersecurity cooperation and defense strategies, particularly as the proliferation of AI, cloud, and 5G infrastructure gives North Korean hackers' operations broader and deeper expansion potential.