Hackers Expose North Korean Government Hacker: Why They Did It

Hackers who exposed North Korean government hacker explain why they did it

Lorenzo Franceschi-Bicchierai

5:30 AM PDT · August 21, 2025

Earlier this year, two hackers broke into a computer and soon realized the significance of what this machine was. As it turned out, they had landed on the computer of a hacker who allegedly works for the North Korean government.

The two hackers decided to keep digging and found evidence that they say linked the hacker to cyberespionage operations carried out by North Korea, exploits and hacking tools, and infrastructure used in those operations.

Saber, one of the hackers involved, told TechCrunch that they had access to the North Korean government worker's computer for around four months, but as soon as they understood what data they got access to, they realized they eventually had to leak it and expose what they had discovered.

'These nation-state hackers are hacking for all the wrong reasons. I hope more of them will get exposed; they deserve to be,' said Saber, who spoke to TechCrunch after he and cyb0rg published an article in the legendary hacking e-zine Phrack, disclosing details of their findings.

There are countless cybersecurity companies and researchers who closely track anything the North Korean government and its many hacking groups are up to, which includes espionage operations, as well as increasingly large crypto heists and wide-ranging operations where North Koreans pose as remote IT workers to fund the regime’s nuclear weapons program.

In this case, Saber and cyb0rg went one step further and actually hacked the hackers, an operation that can give more, or at least different, insights into how these government-backed groups work, as well as 'what they are doing on a daily basis and so on,' as Saber put it.

The hackers want to be known only by their handles, Saber and cyb0rg, because they may face retaliation from the North Korean government, and possibly others.
Saber said that they consider themselves hacktivists, and he name-dropped legendary hacktivist Phineas Fisher, responsible for hacking spyware makers FinFisher and Hacking Team, as an inspiration.
At the same time, the hackers also understand that what they did is illegal, but they thought it was nonetheless important to publicize it.

'Keeping it for us wouldn't have been really helpful,' said Saber. 'By leaking it all to the public, hopefully we can give researchers some more ways to detect them.'

'Hopefully this will also lead to many of their current victims being discovered and so to [the North Korean hackers] losing access,' he said.

'Illegal or not, this action has brought concrete artifacts to the community; this is more important,' said cyb0rg in a message sent through Saber.

Saber said they are convinced that while the hacker — who they call 'Kim' — works for North Korea’s regime, they may actually be Chinese and work for both governments, based on their findings that Kim did not work during holidays in China, suggesting that the hacker may be based there. Also, according to Saber, at times Kim translated some Korean documents into simplified Chinese using Google Translate.

Saber said that he never tried to contact Kim. 'I don't think he would even listen; all he does is empower his leaders, the same leaders who enslave his own people,' he said. 'I'd probably tell him to use his knowledge in a way that helps people, not hurt them. But he lives in constant propaganda and likely since birth so this is all meaningless to him.'

He's referring to the strict information vacuum that North Koreans live in, as they are largely cut off from the outside world.

Saber declined to disclose how he and cyb0rg got access to Kim's computer, given that the two believe they can use the same techniques to 'obtain more access to some other of their systems the same way.'

During their operation, Saber and cyb0rg found evidence of active hacks carried out by Kim, against South Korean and Taiwanese companies, which they say they contacted and alerted.

North Korean hackers have a history of targeting people who work in the cybersecurity industry as well. That's why Saber said he is aware of that risk, but 'not really worried.'

'Not much can be done about this, definitely being more careful though :),' said Saber.