Topics

More from TechCrunch

Hackers who exposed North Korean government hacker explain why they did it

Tech and VC heavyweights join the Disrupt 2025 agenda

Netflix, ElevenLabs, Wayve, Sequoia Capital, Elad Gil — just a few of the heavy hitters joining the Disrupt 2025 agenda. They’re here to deliver the insights that fuel startup growth and sharpen your edge. Don’t miss the 20th anniversary of TechCrunch Disrupt, and a chance to learn from the top voices in tech — grab your ticket now and save up to $600+ before prices rise.

Tech and VC heavyweights join the Disrupt 2025 agenda

Netflix, ElevenLabs, Wayve, Sequoia Capital — just a few of the heavy hitters joining the Disrupt 2025 agenda. They’re here to deliver the insights that fuel startup growth and sharpen your edge. Don’t miss the 20th anniversary of TechCrunch Disrupt, and a chance to learn from the top voices in tech — grab your ticket now and save up to $675 before prices rise.

Most Popular

Appeals court says NLRB structure unconstitutional, in a win for SpaceX

Why Paradigm built a spreadsheet with an AI agent in every cell

HR giant Workday says hackers stole personal data in recent breach

Sam Altman, over bread rolls, explores life after GPT-5

How your solar rooftop became a national security issue

A comprehensive list of 2025 tech layoffs

NASA has sparked a race to develop the data pipeline to Mars

Latest

AI

Amazon

Apps

Biotech & Health

Climate

Cloud Computing

Commerce

Crypto

Enterprise

EVs

Fintech

Fundraising

Gadgets

Gaming

Google

Government & Policy

Hardware

Instagram

Layoffs

Media & Entertainment

Meta

Microsoft

Privacy

Robotics

Security

Social

Space

Startups

TikTok

Transportation

Venture

Events

Startup Battlefield

StrictlyVC

Newsletters

Podcasts

Videos

Partner Content

TechCrunch Brand Studio

Crunchboard

Contact Us

Hackers who exposed North Korean government hacker explain why they did it Lorenzo Franceschi-Bicchierai AM PDT · August 21, 2025 Earlier this year, two hackers broke into a computer and soon realized the significance of what this machine was. As it turned out, they had landed on the computer of a hacker who allegedly works for the North Korean government. 

The two hackers decided to keep digging and found evidence that they say linked the hacker to cyberespionage operations carried out

Saber, one of the hackers involved, told TechCrunch that they had access to the North Korean government worker’s computer for around four months, but as soon as they understood what data they got access to, they realized they eventually had to leak it and expose what they had discovered.

“These nation state hackers are hacking for all the wrong reasons, I hope more of them will get exposed, they deserve to be,” said Saber, who spoke to TechCrunch after he and cyb0rg published an article in the legendary hacking e-zine Phrack, disclosing details of their findings. 

There are countless cybersecurity companies and researchers who closely track anything the North Korean government, and its many hacking groups are up to, which includes espionage operation but also increasingly large crypto heists, as well as wide-ranging operations where North Koreans pose as remote IT workers to fund the regime’s nuclear weapons program.

In this case, Saber and cyb0rg went one step further and actually hacked the hackers, an operation that can give more, or at least different, insights into how these government-backed groups work, as well las “what they are doing on a daily basis and so on,” as Saber put it. 

The hackers want to be known only

Techcrunch event Tech and VC heavyweights join the Disrupt 2025 agenda Netflix, ElevenLabs, Wayve, Sequoia Capital, Elad Gil — just a few of the heavy hitters joining the Disrupt 2025 agenda. They’re here to deliver the insights that fuel startup growth and sharpen your edge. Don’t miss the 20th anniversary of TechCrunch Disrupt, and a chance to learn from the top voices in tech — grab your ticket now and save up to $600+ before prices rise. Tech and VC heavyweights join the Disrupt 2025 agenda Netflix, ElevenLabs, Wayve, Sequoia Capital — just a few of the heavy hitters joining the Disrupt 2025 agenda. They’re here to deliver the insights that fuel startup growth and sharpen your edge. Don’t miss the 20th anniversary of TechCrunch Disrupt, and a chance to learn from the top voices in tech — grab your ticket now and save up to $675 before prices rise. San Francisco | October 27-29, 2025 REGISTER NOW At the same time, the hackers also understand that what they did is illegal, but they thought it was nonetheless important to publicize it. 

“Keeping it for us wouldn’t have been really helpful,” said Saber. “

“Hopefully this will also lead to many of their current victims being discovered and so to [the North Korean hackers] losing access,” he said.

“Illegal or not, this action has brought concrete artifacts to the community, this is more important,” said cyb0rg, in a message sent through Saber.

Saber said they are convinced that while the hacker — whom they call “Kim” — works for North Korea’s regime, they may actually be Chinese and work for both governments, based on their findings that Kim did not work during holidays in China, suggesting that the hacker may be based there. 

Also, according to Saber, at times Kim translated some Korean documents into simplified Chinese using Google Translate. 

Saber said that he never tried to contact Kim. “I don’t think he would even listen, all he does is empower his leaders, the same leaders who enslave his own people,” he said. “I’d probably tell him to use his knowledge in a way that helps people, not hurt them. But he lives in constant propaganda and likely since birth so this is all meaningless to him,” referring to the strict information vacuum that North Koreans live in, as they are largely cut off from the outside world.

Saber declined to disclose how he and cyb0rg got access to Kim’s computer, given that the two believe they can use the same techniques to “obtain more access to some other of their systems the same way.” 

During their operation, Saber and cyb0rg found evidence of active hacks carried out

North Korean hackers have a history of targeting people who work in the cybersecurity industry as well. That’s why Saber said he is aware of that risk, but “not really worried.” 

“Not much can be done about this, definitely being more careful though :),” said Saber.

Topics

Lorenzo Franceschi-Bicchierai Senior

Lorenzo Franceschi-Bicchierai is a Senior

You can contact or verify outreach from Lorenzo

October 27-29, 2025 San Francisco Put your brand in front of 10,000+ tech and VC leaders across all three days of Disrupt 2025. Amplify your reach, spark real connections, and lead the innovation charge. Secure your exhibit space before your competitor does.

Most Popular Appeals court says NLRB structure unconstitutional, in a win for SpaceX Aria Alamalhodaei

Why Paradigm built a spreadsheet with an AI agent in every cell Rebecca Szkutak

HR giant Workday says hackers stole personal data in recent breach Zack Whittaker

Sam Altman, over bread rolls, explores life after GPT-5 Maxwell Zeff

How your solar rooftop became a national security issue Connie Loizos

A comprehensive list of 2025 tech layoffs Cody Corrall Alyssa Stringer Kate Park

NASA has sparked a race to develop the data pipeline to Mars Aria Alamalhodaei

X LinkedIn Facebook Instagram youTube Mastodon Threads Bluesky TechCrunchStaffContact UsAdvertiseCrunchboard JobsSite Map Terms of ServicePrivacy PolicyRSS Terms of UseCode of Conduct Pixel 10Made © 2025 TechCrunch Media LLC.