Earlier this year, two hackers broke into a computer and quickly realized the importance of the machine they were on. They had landed on the computers of hackers who allegedly work for the North Korean government.
The two hackers decided to keep digging and found evidence that linked the hackers to cyberespionage operations carried out by North Korea, along with exploits and hacking tools and the infrastructure used in those operations.
Saber, one of the hackers involved, told TechCrunch that he had access to the computers of North Korean workers for about four months, but as soon as he understood what data he could access, he realized he ultimately had to leak it and reveal what he had discovered.
“These nation-state hackers are hacking for all the wrong reasons. I hope that a lot of them will be exposed. They deserve to exist.”
Countless cybersecurity companies and researchers closely track what the North Korean government and its many hacking groups do, which includes espionage. It also includes increasingly large code robberies and a wide range of operations in which North Koreans pose as remote workers to fund the administration’s nuclear weapons programme.
In this case, Saber and Cyb0RG went a step further and actually hacked the hackers. This is the kind of operation that can give more, or at least different, insight into how these government-backed groups work and, as Saber said, “what they do on a daily basis, etc.”
The hackers want to be known only by their handles, Saber and Cyb0RG, because they could face retaliation from the North Korean government. Saber says they consider themselves hacktivists, and he named the legendary hacktivist Phineas Fisher, who is responsible for hacking spyware makers FinFisher and Hacking Team, as an inspiration.
At the same time, the hackers also understood that what they did was illegal, but they still thought it was important to make it public.
“It would have really not been helpful to keep it for us,” Saber said. “We hope that by letting it all go to the public, we can give researchers some ways to detect them.”
“Hopefully this will lead to many of their current victims being discovered and (North Korean hackers) losing access,” he said.
“The action brought concrete artifacts to the community, whether illegal or not. This is even more important,” Cyb0RG said in a message sent through Saber.
Saber said he is confident that although the hacker, known as “Kim,” works for the North Korean regime, he is actually Chinese and may work for both governments, based on the finding that Kim did not work during Chinese holidays, suggesting that the hacker is based there.
Also, according to Saber, Kim used Google Translate to translate some Korean documents into simplified Chinese.
Saber said he didn’t try to contact Kim. “I don’t think he even hears. All he does is empower his leader, the same leaders who enslaved his people,” he said. “I would probably tell him to use his knowledge in a way that helps people rather than hurts them. But this is pointless to him, as he lives in constant propaganda and is probably alive from birth,” he said, referring to the strict information vacuum that North Koreans live in.
Saber declined to disclose how he and Cyb0RG gained access to Kim’s computer. The two believe they can use the same technique to “get access to several systems on other systems in the same way.”
During their operation, Saber and Cyb0RG discovered evidence of the aggressive hacking Kim had carried out against companies in Korea and Taiwan.
North Korean hackers have a history of targeting people who work in the cybersecurity industry. Saber said he was aware of that risk, but that he “is not really worried.”
“I can’t do much about this, definitely take more attention :),” Saber said.
