How the “kim” Dump Exposed North Korea's Credential Theft Playbook

Posted4 months agoActive4 months ago

notmine1337

405 points

181 comments

dti.domaintools.comTechstoryHigh profile

calmmixed

Debate

60/100

CybersecurityNorth KoreaChinaCredential Theft

Key topics

Cybersecurity

North Korea

China

Credential Theft

The 'Kim dump' leak exposed North Korea's credential theft playbook, revealing their tactics and tools, and sparking discussions on the implications for cybersecurity and geopolitics.

Snapshot generated from the HN discussion

Discussion Activity

Very active discussion

First comment

Peak period

114

Day 1

Avg / period

21.3

Comment distribution149 data points

Loading chart...

Based on 149 loaded comments

Key moments

01Story posted
Sep 6, 2025 at 3:14 PM EDT
4 months ago
Step 01
02First comment
Sep 6, 2025 at 6:06 PM EDT
3h after posting
Step 02
03Peak activity
114 comments in Day 1
Hottest window of the conversation
Step 03
04Latest activity
Sep 15, 2025 at 6:55 AM EDT
4 months ago
Step 04

Generating AI Summary...

Analyzing up to 500 comments to identify key contributors and discussion patterns

Discussion (181 comments)

Showing 149 comments of 181

tremon

4 months ago

4 replies

> The dump also revealed reliance on GitHub repositories known for offensive tooling. TitanLdr, minbeacon, Blacklotus, and CobaltStrike-Auto-Keystore were all cloned or referenced in command logs.

What's the rationale for allowing the development of offensive tooling on github? Is this a free-speech thing, or are these repositories relevant for scientific research in some way?

StrauXX

4 months ago

1 reply

They are heavily used in penetrationtests and red teaming engagements. Banning such tools from the public just mystifies attackers ways to defenders, while not in any way hindering serious malicious actors. We had that discussion back in the 90s and early 2000s.

freedomben

4 months ago

3 replies

Agreed. Plus it's not always a clear line between offensive and legitimate usage. For many years nmap was banned on most corporate networks, but it's an invaluable tool for legitimate use too, despite being useful for offensive cases as well

randall

4 months ago

2 replies

one time i ran nmap against my dev box at facebook. i was definitely worried someone was going to give me a stern talking to.

varenc

4 months ago

1 reply

I ran 'neoprint.php' on myself at Facebook in 2007 and immediately got a stern email about it... It was some script that collected info for responding to law enforcement requests. But after chastising me, the email said "I was gratified that you ran it on yourself". (as opposed to snooping on someone else!)

It was just a summer internship and FB was like 'only' 80 engineers back then. But they still took it seriously.

Thorrez

4 months ago

1 reply

I think that's a little different. It sounds like neoprint.php is an internal Facebook tool for looking up data on Facebook users. So improper usage of it is a privacy problem for users. It's something misbehaving employees might run against celbrities, exes, etc. (e.g. https://www.gawkerarchives.com/5637234/gcreep-google-enginee... )

Otoh nmap isn't a privacy problem for users of Facebook (or any other tech company).

varenc

4 months ago

Yea totally agree. Mainly just wanted to shoehorn in my own story about stern emails at FB! Also I think running nmap on your own development machine is totally legitimate. Lots of reasons you might want to do it.

SoftTalker

4 months ago

1 reply

I use nmap routinely at work to see what’s on a subnet, has anything new appeared, or where it should not be.

bravetraveler

4 months ago

+1. If I can't run nap or netcat, or have to justify it each time, I can't do my job. Better off elsewhere.

I've departed early at least twice over this. Draconian IT serves nobody. Been doing this long enough I deliberately poke any new employer; see what's in store.

Nobody cares, though. EDR appliances sell without careful administration. The industry will outlive us all.

hsbauauvhabzb

4 months ago

2 replies

While that may be true, it’s less true for things like cobalt strike. I’m not saying that banning tooling would be a good thing, but it’s a bad argument to compare Nmap to remote access tools.

freedomben

4 months ago

I don't disagree, but GP is asking about all offensive tools, not just Cobalt strike. IMHO a platform like GitHub should not be picking and choosing which projects are offensive enough to remove. Yes, there are some tools that are pretty clearly more offensive than others, but creating a policy would not be clear-cut

wkat4242

4 months ago

Cobalt strike is just an automated script kiddie really. It's a way for red teamers to catch low hanging fruit. And because of that, there's not so much low hanging fruit anyway.

wkat4242

4 months ago

It's mainly beside nmap detection is a feature of most IDS so it's bound to raise some red flags.

Same with even doing packet sniffing. It can be detected when using wireshark because it does reverse DNS lookups for each ip it sees in its default configuration.

I had legit reasons for it at work so I always mentioned it to the network guys before ding stuff like this. We also had a firewalled lab network. We did get some pushback once when some scans leaked out to the office network. But it was their fault for having the firewall open.

awesome_dude

4 months ago

2 replies

Isn't Github supposed to be blocking sanctioned countries, like Iran, and North Korea?

https://docs.github.com/en/site-policy/other-site-policies/g...

overfeed

4 months ago

1 reply

Do you have any reason to suspect GitHub isn't blocking those countries? How long do you think an offensive-security sponsor/passport-issuing nation might take to get around GitHub IP-blocks?

dmoy

4 months ago

Right exactly. The only way IP blocks work is if there's no vulnerable machines to take over anywhere. That is - it basically doesn't work for any motivated attacker.

You could hypothetically make it work, but it would mean an extremely different Internet and device landscape than exists today. (And even then I doubt it stops a nation-state level attacker, they can always use old fashioned espionage to get someone in meat space and get around any technical barrier)

throwaway2037

4 months ago

About Iran & GitHub:

https://docs.github.com/en/site-policy/other-site-policies/g...

    > GitHub now has a license from OFAC to provide cloud services to developers located or otherwise resident in Iran. This includes all public and private services for individuals and organizations, both free and paid.

    > GitHub cloud services, both free and paid, are also generally available to developers located in Cuba.

laveur

4 months ago

I think they get heavily used by security researchers, and other people that do regular Penetration Testing.

traverseda

4 months ago

What alternative do you suggest?

sgnelson

4 months ago

5 replies

This is interesting due to the tying of DPRK and PRC. It seems hard to say how much coordination there is between the two, but whatever it is, it appears to be greater than zero. While not necessarily surprising, I wonder if this public attribution will make it harder for the PRC to deny involvement with both the DPRK's efforts and their own.

jmyeet

4 months ago

2 replies

I don't think Chinese support for NK has ever been a secret anymore than the the US support for South Korea has. And it's in China's backyardd so they've got way more of an excuse.

And if you think that doesn't matter, look at the Monroe Doctrine [1].

Taken further, the so-called Cuban Missile Crisis should really be called the Turkey Missile Crisis. The US (through NATO) placed Jupiter nuclear MRBMs in Turkey, only hunddreds of miles from Moscow. The USSR responded by doing the exact same thing, by placing nuclear weapons in Cuba. And the US almost started World War 3 over it.

It was the USSR who stepped back from the brink and, as a result of a secret agreement, the Jupiter MRBMs were quietly removed from Turkey [2].

[1]: https://en.wikipedia.org/wiki/Monroe_Doctrine

[2]: https://www.wilsoncenter.org/blog-post/jupiter-missiles-and-...

churchill

4 months ago

2 replies

Why is this comment downvoted? You have the right to see China, USSR and NK as immoral regimes but there's nothing non-factual here.

charonn0

4 months ago

4 replies

The topic is cybercrime and espionage, not nuclear brinksmanship or colonialism. Whatever parallels can be drawn don't seem to be very relevant, so the comment comes off as an attempt to deflect criticism.

codpiece

4 months ago

1 reply

It was still a fascinating aside, and it's not like HN stays on topic in a thread. I learned something today.

corimaith

4 months ago

I do wonder what's the state of history education today when one only learns a basic history event today, and through a layman's forum post which is surely going to have all the complete perspective as opposed to setting out an explicit agenda.

skinnymuch

4 months ago

1 reply

You can’t separate colonialism and imperialism from Korea. As if any of us know what Korea would be doing if the west didn’t invade then sanction among other things.

corimaith

4 months ago

1 reply

North Korea invaded South Korea after US pressured South Korea to disarm. North Korea was the imperialist actor here.

skinnymuch

4 months ago

1 reply

That’s not what imperialism means. At all. Next you’ll say China wanting reunification with its own people is imperialism but NATO in Ukraine isn’t. Or they can be equivocated.

I haven’t heard about the disarming stuff. I don’t think that part happened.

noduerme

4 months ago

1 reply

What an apt comparison you make in your apologia for dictatorships! For the imperialist Beijing regime to "reunify" with an independent state in Taiwan which it never controlled is just like the czarist empire based in Moscow "reunifying" with Ukraine: It's an autocracy invading an independent democracy, killing people, and taking away their right to self-determination.

Comparing this with Ukraine wanting to join NATO or the EU for the defense of their right to self-determination and to live free of an authoritarian police state is laughable. But such a comment can only come from ignorance of the differences between systems of government with human rights and those with none, or else be sheet wicked propaganda paid for by an authoritarian regime.

The equivocation here is in your comment - one must wonder what your actual motive is.

skinnymuch

4 months ago

1 reply

Ukraine arguably gave up its sovereignty when it became a neo-colony of the imperialist west and NATO in 2014.

No one has the heavens mandate to any land. We are only human. Not gods. You don’t get to do whatever you want on the land of your nation state just because of blood and soil arguments like you and your blood is from there.

Western and liberal democracy is not about human rights.

If China never had claims to Taiwan…then the KMT never should’ve gone there either according to your logic. And don’t have rights to that land now unless settler logic is used.

> one must wonder what your actual motive is.

I am an anti-imperialist and [pan-]nationalist. I don’t hide that. That is in contrast to most westerners or Europeans who go based off enlightened centrist and liberal vibes along with western, white, settler, and European chauvinism and supremacy.

noduerme

4 months ago

>> You don’t get to do whatever you want on the land of your nation state just because of blood and soil arguments like you and your blood is from there.

Yet you get to invade your sovereign, self-governing and peaceful neighbors if you're Russia or China, and have such grand imperialist adventures all while claiming to be anti-imperialist? How convenient. And oh, Russia's annexation of Crimea isn't about blood and soil? That was sure the pitch made to its own population.

You say you're a pan-nationalist, but then what's wrong with Ukraine choosing to ally with Europe? Is pan-nationalism only valid when the alliance is under Kremlin despotism? Whatever Putinism is, it certainly isn't about human rights either. [Perhaps you meant you are pan-Slavic? In that case, Kiev may as well be your capital]. And if you're so cynical as to believe that no system is any better than any other system when it comes to human rights, who are you or the despots and tyrants you side with to declare who should do what? What system are you offering the citizens of Taiwan or Ukraine that they would want? Your entire argument seems to boil down to a circle of hypocrisy: The people of some country have no inherent right to be there, so even if a larger belligerent power has no right either, there's nothing wrong with annihilating whatever freedom the local people have.

By your statements, you are actually justifying settler-colonialism. Should the Han take over Tibet and dispose of Tibetans? Sure, in your opinion, since no one has claim to land. (Strange how the new settlers lay claim to the land though, isn't it?) What right do native American people have to their land? None, according to you. So then what's this imperialism of America you're yapping about? It would be easier to say: It's not as if America has done anything China or Russia isn't currently doing. But that would be playing into your trap of equivocation. As a Tibetan freedom fighter friend of mine once said, when I suggested that America was sliding toward authoritarianism: never ever compare America to how much worse things are in a dictatorship like China. To do so is an insult to everyone fighting for their freedom from these thugs around the world.

If Ukraine had wanted to join Putin's Russia, they had ample opportunity. If Taiwan wanted to join China, they could do so tomorrow by a majority vote. And if your only argument is that the West is no better and just as hypocritical - apart from the fact that I believe you to be arguing in bad faith - then what difference is it to you which sphere of influence they end up in?

kace91

4 months ago

Maybe it wasn’t clear, but I think the comment is explaining the importance for superpowers of keeping their immediate surroundings politically aligned - china wants NK on their side for the same reason neither the US or the URSS wanted nukes on their doorstep.

the_af

4 months ago

> The topic is cybercrime and espionage, not nuclear brinksmanship or colonialism.

Those are all closely related topics in geopolitics.

corimaith

4 months ago

1 reply

The causality between missiles in Turkey causing the Cuban Missile Crisis is unsubstantiated by historical facts from the Soviets own perspectives.

It's more that Cuba requested nukes first, the USSR opportunistically took, then they to resolve the crisis they took that opportunity to remove Turkish missiles. It wasn't really a tit for tat on part of the USSR's intentions, Cuba was the primary agent here.

Not that it really mattered later on once ICBMs are developed.

jmyeet

4 months ago

1 reply

From Khrushchev's own words (27 October 1962) [1]:

> Your missiles are located in Britain, are located in Italy, and are aimed against us. Your missiles are located in Turkey.

> You are disturbed over Cuba. You say that this disturbs you because it is 90 miles by sea from the coast of the United States of America. But Turkey adjoins us; our sentries patrol back and forth and see each other. Do you consider, then, that you have the right to demand security for your own country and the removal of the weapons you call offensive, but do not accord the same right to us? You have placed destructive missile weapons, which you call offensive, in Turkey, literally next to us. How then can recognition of our equal military capacities be reconciled with such unequal relations between our great states? This is irreconcilable.

According to General Boris Surikov [2]:

> 'Khrushchev and his Defence Minister, Rodion Malinovsky, were at Khrushchev's estate on the Black Sea. They went for a walk and Malinovsky pointed in the direction of Turkey and said: 'That's where the American rockets are pointing at us. They need only 10 minutes to reach our cities, but our rockets need 25 minutes to reach America.' Khrushchev thought for a while and then said: 'Why don't we instal our rockets in Cuba and point them at the Americans? Then we'll need only 10 minutes, too.'

This article goes on to quote the Soviet Ambassador to Cuba, Alexander Alexeyev, who was a direct witness and a go-between between Khrushchev and Castro:

> 'On 14 May 1962 I was called to a meeting of the Defence Council at the Kremlin. Khrushchev said, in effect: 'Comrades, I think it would be a good idea to instal rockets in Cuba. Do it clandestinely. I don't want it known in the US until November (after the mid-term Congressional elections). Alexander Alexeyev, how will Fidel react when we present him with our decision?'

[1]: https://microsites.jfklibrary.org/cmc/oct27/doc4.html

[2]: https://www.independent.co.uk/voices/the-cuban-missile-crisi...

corimaith

4 months ago

>From Khrushchev's own words (27 October 1962):

That dosen't refute anything from his own words as a justification as opposed to his primary goal to provide Cuba with defence here to deter a US invasion. As others have pointed out, the USSR was annoyed by these placements in Italy and Turkey earlier, but they did not declare war or start a crisis over it beforehand. It's more that Turkey was a bargaining chip here.

>>Our aim has been and is to help Cuba, and no one can dispute the humanity of our motives, which are oriented toward enabling Cuba to live peacefully and develop in the way its people desire.

You need to place here in context that the Jupiter missiles in Turkey were already obselete but the US had the overwhelming advantage in a nuclear strike with their Atlas ICBMs in USA at the time, relying more on a fleet of intercontinental bombers that could targeted by NORAD.

Removing nukes for Turkey did little to change the strategic calculus, but it did heavily deprive the USSR of an opportunity to change that calculus with Cuban nukes at the time, which was a major factor in Kruschev's later removal from power.

veqq

4 months ago

> The USSR responded by doing the exact same thing

This paints it as tit for tat, but to advert invasion the Cubans asked for the missiles over a year later than the missiles were placed in Turkey. The resolution combined these separate issues.

wrp

4 months ago

3 replies

Regardless of how unhappy Beijing may be with things Pyongyang does, North Korea is of such obvious strategic importance to China that they are unlikely to ever waver in their support of the regime or even try to hide it.

the_af

4 months ago

2 replies

What's surprising about this? It's not dissimilar to how the US behaves towards their less than savory strategic allies (or, historically, towards dictatorships as long as they were US-aligned).

wrp

4 months ago

Not saying it should be surprising. Just trying to answer the question.

thisislife2

4 months ago

Exactly. It's the equivalent of something like western Five / Nine / Fourteen Eyes, that also share intelligence within the alliance.

chasd00

4 months ago

3 replies

Anything happens to North Korea and all those starving people flood into China. I think that’s why China supports North Korea.

bfg_9k

4 months ago

2 replies

I mean, same could be said about South Korea. It would instantly drag their GDP per capita down by more than half, and that's not even counting how much money would need to be spent to re-develop NK.

alexey-salmin

4 months ago

1 reply

If both counties sustain their current trajectories, in 50 years it will be NK re-populating and re-developing SK. And the "if" here is mainly about NK, chances of SK getting out of the death spiral are very thin.

the_af

4 months ago

1 reply

I recently read/watched videos about the "population time bomb" in South Korea and how it's almost irreversible now. It really surprised me, it's one of those things that's hard to visualize. And it's not even long term!

wkat4242

4 months ago

1 reply

They can always allow more immigration. National populations don't grow only by births.

the_af

4 months ago

2 replies

Apparently, due to cultural, political and economical issues, South Korea cannot/won't do this. I suppose it theoretically could, but in practice it would mean it would cease to exist as it is now.

Due to the scale of their population collapse, the influx of immigrants would have to be massive. Which country does that? It would completely overtake its native ethnic population... which unlike a country built on immigration like the US, is surprisingly homogeneous.

I'm no expert, I encourage you to read on the matter. It apparently truly is something that cannot be stopped now. It surprised me as much as it (apparently) does you.

By the way, countries that are better off, like the US, are largely helped by immigration indeed. Which is why anti-immigration policies would be like shooting themselves in the foot.

wkat4242

4 months ago

2 replies

> I suppose it theoretically could, but in practice it would mean it would cease to exist as it is now.

But it's going to cease to exist as it is anyway. One way or another. And the people that remain will not be staring at a wall waiting for it to end. Also, young people seem to have a radically different mindset there, which is what tends to happen when they see their parents screwing everything up.

Maybe the culture isn't there yet but it will be. Having said that, I would never be happy to live in a country with strict moral codes like Japan or South Korea. But I'm sure many people would be. In particular conservatives tend to love these societies, you often hear comments like "this is what we should do here in the US".

I'm a raging pro-lgbt polyamorous kinky progressive so for me it would be the wrong place. But there are lots of people that would love this kind of thing.

the_af

4 months ago

I mean, I don't know what to tell you. You seem to be reacting in disbelief, "this cannot be true".

But reality shows it is happening, it is accelerating, and young people are part of the problem.

It's a real thing, and the consensus seems to be it's irreversible, however bizarre it may seem to us.

lovich

4 months ago

> But there are lots of people that would love this kind of thing.

Doesn’t the fact that the people in said culture have decided it’s no longer worth reproducing, en masse, because of how their life is, imply that a lot of people wouldn’t actually like that kind of thing?

Ray20

4 months ago

1 reply

> Apparently, due to cultural, political and economical issues, South Korea cannot/won't do this.

Because it's not a problem yet. What's going to stop them from doing it when the birth rate becomes a problem? Almost nothing.

> Due to the scale of their population collapse, the influx of immigrants would have to be massive.

Not really. You are mistakenly extrapolating the situation in the Western world, where purposefully brought in almost only criminals and freeloaders, to Korea. If you organize immigration of labor, then not so many immigrants will be needed

the_af

4 months ago

I'm not "mistakenly extrapolating" anything, I'm describing the current consensus by population experts. No need to debate me, I'm no expert, I'm just paraphrasing what experts believe. I'm as surprised as you are, I only recently learned of this.

> What's going to stop them from doing it when the birth rate becomes a problem? Almost nothing

Their birth rate is already a massive problem. The South Korean government already acknowledges this is a crisis, it's just that the measures that are politically/socially viable just don't cut it, and Koreans seem unwilling to consider more drastic measures. But the problem is already here, and acknowledged, and already impacting the population of South Korea (there's apparently a "loneliness epidemic" going on already).

Because of the shape the population pyramid takes (more old people than young people) once it reaches the tipping point, which in South Korea it already has, there's no going back. No matter how they try, they simply don't have enough young people to revert it anymore.

> If you organize immigration of labor, then not so many immigrants will be needed

This is not (just) about labor, it's about population decline. Even if Koreans dedicated themselves to having more children, it wouldn't be enough anymore. They are beyond the tipping point. They would need massive immigration to live there and have children there and effectively become "the new Koreans"... and this is obviously unpalatable to many.

I encourage you to read on this. Do not debate me: I'm not the expert here!

djtango

4 months ago

Genuine question that I'm trying to learn about - the industrialisation of Japan and South Korea led to huge wealth creation and increases in quality of living. I know some of that is stagnating now and especially in South Korea things are difficult, but why isn't North Korea ever spoken of in those terms rather than always the GDP hit to South Korea?

moomoo11

4 months ago

6 replies

How did they manage to brain control millions of people like that? I mean it’s so ludicrous to an outsider.

rtpg

4 months ago

1 reply

In the initial era of the split between North and South Korea, South Korea both was run by a bunch of people who had a history of outright killing leftists, and the United States was involved in similar actions.

The lack of serious offramps to reunification, along with not as huge a delta in quality of life between north and south for a long time (aid from other countries sure helps!), allowed the DPRK to establish itself as its own nation.

Now there is the surveillance state apparatus allowing the DPRK to exist in its current form in perpetuity. And even if tomorrow they showed up and said "let's unify Korea", South Korea (even ignoring all the ideological reasons it might not want to) would likely be unwilling to absorb an extremely poor country and pay for it (see the painful experience of Germany's unification).

There is probably no off ramp that exists unless people are willing to let the elite walk away clean from the situation in one way or another, and it seems hard to imagine such a future.

And if you are a north korean elite and you are allowed to travel to northern china, you will see a place where things are running more smoothly, but you're still going to see places with massive amounts of internal controls and restrictions. So who's offering the upside to some regime change here?

brabel

4 months ago

2 replies

> see the painful experience of Germany's unification

I had thought that Germans from both sides were overwhelmingly supportive of re-unification, even if it would cause short-term pain??

jonasdegendt

4 months ago

1 reply

It's my understanding there were plenty of USSR nostalgics in the east given how long it took for the free market to "trickle down" and the east to catch up economically. They never did catch up all the way anyway.

ViktorRay

4 months ago

1 reply

Today the areas that were previous controlled by East Germany overwhelmingly vote for right wing parties though.

I believe the AfD political party in Germany won significant support in those areas of Germany that were once behind the Iron Curtain.

immibis

4 months ago

Yes, they won control of an entire state and almost won another.

People vote far right because they're fed up with the status quo, and perceive the far right can't be that much worse when everything is already so bad. Politicians who are not far right would do well to take this into account in their politics. Sadly, they don't, and history repeats.

rtpg

4 months ago

1 reply

I don't think that people are like... against unification in principle, but if you are looking at it from the perspective of the State.... lots of pain and money, and at least in the German experience there was plenty of decent state enterprises for West Germany to (glibly) pillage from. People will handwave about North Korean resources, but even those are more or less accessible via China.

And on top of that at the end of the day Germany now has this bloc that votes "the wrong way" in all of its elections. Glib analysis though.

The German split was resolved 35 years ago and is still visible. How much time would a reunified Korea take to equalize itself? If you're a person who cares only about the economics of it all, how long do you think it would take for the payoff of unification to occur? Just seems quite long.

brabel

4 months ago

Would you consider that half of the USA also votes the wrong way too? And the UK? London people tend to think the rest of the country votes wrong as well. There is a divide in most countries, I think Germany is not that different, except for the fact that it actually was split up before!

forgotoldacc

4 months ago

2 replies

Nearly every authoritarian country starts with people promising good things. A lot also start with rebels fighting against a group that led a massacre. They're underdog groups with popular support.

Then those underdogs take over. They become paranoid about the possibility of being killed themselves, so they repeat the massacres they fought against. A lot of people who supported the new regime think it's just a few remaining enemies being taken out. It won't happen to them. Then the government starts laying out methods to solidify their control. The list of things seen as traitorous and against national interests grows. It becomes a frog in a boiling pot situation. By the time people realize they might be a target, the system is too complicated and widespread to take down alone, and a new generation of youths have been raised knowing only the current system. And to those youths, things are stable. The most terrifying thing to people raised in stability is the idea of losing that stability. So keeping your head down and following the law is much better than absolutely anything else.

And with the absolute control of information that NK has, a significant portion of people really don't even know a better world exists out there. And they're terrified of anyone that even talks about shaking things up.

immibis

4 months ago

Not limited to non-Western countries btw. We are also vulnerable.

Ray20

4 months ago

It looks like a liberal fantasy. The truth is that along the rivers that run on the border with China there are posts with machine gunners every 100 meters. Brainwashing is obviously nearly zero-effective, since they have to resort to machine guns.

madmaniak

4 months ago

It's funny to say that because we're living in a bubble too.

doikor

4 months ago

For the first couple decades while it was ahead of South Korea economically (in large part due to support from China/USSR) it was not that bad but during that time the system of absolute control by the Kim family was setup and once it was up it is too late to really do anything due to how absolute/brutal the control is (you say anything wrong and you and your whole extended family end up in a prison/death camp)

Basically people are willing to put up with a lot if their lives are getting better (economic growth). Problem with that is what kind of system of control an authoritarian government can setup in that period of growth.

stogot

4 months ago

Less of brain control, and more like slaughter of anyone who disagrees or rolls their eyes. Read accounts of those who escaped

ryan-ca

4 months ago

Empiricism in the face of a totalitarian regime is difficult.

mytailorisrich

4 months ago

1 reply

China did not, and still doesn't, want US troops at its border. That's why it originally intervened and why it supports North Korea. At the time there was also a further risk that the US might invade China.

wkat4242

4 months ago

That doesn't have to be the result of it. A more humane regime in NK doesn't mean reunification has to happen. And, part of the reason those US forces are in South Korea is the threat of the North. By threatening US involvement in case of an attack.

energy123

4 months ago

1 reply

China kept backing Khmer Rouge despite the millions dead and even invaded Vietnam to protect them. Amoral, self interested actor at best. There's nothing North Korea could do to their own people to change the support.

hetman

4 months ago

1 reply

In fairness, the US kept indirectly funding the Khmer Rouge even after evidence of their atrocities came to light for their own strategic geopolitical reasons.

The realpolitic of international relations very often follows the words of the British prime minister, Lord Palmerston: "We have no eternal allies, and we have no perpetual enemies. Our interests are eternal and perpetual, and those interests it is our duty to follow."

fluoridation

4 months ago

5 replies

So there is a universe out there where the US would have supported/allied with Nazi Germany had it been convenient?

AngryData

4 months ago

1 reply

I mean the US had no problems selling Nazi Germany arms at the start of the war. The US only really took a side after Germany told the US to stop also supplying war materials to their enemies, which Germany viewed as merely prolonging the war and deaths, and when the US ignored them because they were making too much money Germany stopped buying and doubled down on blockading material support to allies.

0xDEAFBEAD

4 months ago

1 reply

>I mean the US had no problems selling Nazi Germany arms at the start of the war.

This claim doesn't appear to be true: https://www.reddit.com/r/AskHistorians/comments/1k6yi1z/comm...

firen777

4 months ago

1 reply

It's both frustrating and all too common to see blatant historical falsehood being casually thrown around as if it's well known fact. Doubly frustrating knowing that in order to rebut such falsehood, you have to either do your own lengthy research to find the evidence of __absence__ (which is a lot harder comparing to the evidence of __existence__), or hopefully someone else already did said research and more hopefully you can unbury it from the increasingly enshittified google search.

And by the time you managed it the falsehood already netted a few dozens/hundreds/thousands more victims in the best case scenario where the rebuttal actually managed to attach itself right next to the falsehood.

Regular folks just can't compete with professional disinformation spreaders and their horde of victims.

0xDEAFBEAD

4 months ago

My idea is a little "!" which pops up on the comment byline if the comment fails an AI fact check. AI fact checks are obviously far from perfect, but at least it would be a start. @dang

immibis

4 months ago

1 reply

Yes, this one.

fluoridation

4 months ago

What do you mean? Some US companies did business with Nazi Germany, famously IBM and of course Ford, and of course there were nazi sympathizers in the US, but to my knowledge the US never supported Germany at that time.

hetman

4 months ago

But Palmerston's quote isn't about convenience. It is not at all clear to me that supporting Nazi Germany would've served the US's broader global interests. For example, fascism and capitalist free market ideologies are somewhat at odds with each other on multiple points.

arrosenberg

4 months ago

Sure. If Smedley Butler has been less disillusioned by his work history and successfully carried forward the business plot it’s pretty easy to imagine.

dboreham

4 months ago

Hardly difficult to imagine when you look at when WW2 began vs when the US became involved, and why.

tonyhart7

4 months ago

in intelligence and cybersecurity community this are well known fact

after all chinese is the first one that has official military cyber unit (first in the world)

north korean following suit for monetary reason and have as far as Property (Hotel etc) on china mainland to run the operation from there

as for china??? they basically have an "laundry" business that can take dollar from korea in trade of supplies

rr808

4 months ago

Russia too after the public hand holding last week.

ummonk

4 months ago

I don’t see any smoking gun here that would prevent the PRC from denying its involvement in these hacking efforts.

lawgimenez

4 months ago

1 reply

I believe these are the hackers responsible for this leak: https://phrack.org/issues/72/7_md#article

_def

4 months ago

6 replies

> I am a Hacker and I am the opposite to all that you are. In my realm, we are all alike. We exist without skin color, without nationality, and without political agenda. We are slaves to nobody.

Classic elitist take ignoring that this this space where "all are alike" can only work for certain kinds of people.

drtgh

4 months ago

1 reply

Your quote it is out of context, they are talking to North Korea's -sociopathic- government accomplice:

    << Kimsuky, you are not a hacker. You are driven by financial greed, to enrich
    your leaders, and to fulfill their political agenda. You steal from others
    and favour your own. You value yourself above the others: You are morally
    perverted. >>

North Korean citizens are kidnapped by a dictatorship. They are talking to someone who supports crimes against humanity.

rikafurude21

4 months ago

1 reply

I would go as far as to say slaves of a dictatorship. Most likely threathened with death, including the hackers' entire family, if they dont follow the line. Considering these factors, how much do you think they actually "support crimes against humanity"? North Koreans filter their students very early on to find the smart ones and teach them hacking in specialized military camps. Whoever this hacker is, he probably has been handpicked and groomed for the job hes doing.

pphysch

4 months ago

2 replies

How is this any different from say a Pentagon or IDF employee who is involved (by some degree) in the documented mass murder of civilians? Their livelihoods are also on the line.

Are they off the hook because they "choose" to participate in mass murder?

rikafurude21

4 months ago

1 reply

Youre gonna pretend theres no difference between your entire bloodline (literally) or your salary being on the line? If you work at the Pentagon and see mass murder of civilians you have the option to stop going to work. A north korean hacker does not have that option.

A4ET8a8uTh0_v2

4 months ago

1 reply

You may be assuming a fair bit. Just because it is evidently true that there is a difference, to the parent, depending on their philosophical bent, it is not impossible that it is the outcome alone that determines level of willingness to accept level of.. dunno what is a good word here.. responsibility. In other words, from where they come from, all other factors are not relevant. I don't subscribe to this particular view of the world, but it helps to be able to understand others.

rikafurude21

4 months ago

I get that a pure consequentialist can flatten every distinction, but in the real world we still distinguish between (a) ‘I’ll kill your entire bloodline if you stop typing’ and (b) ‘You can resign and face a résumé gap.’ Until we’re ready to treat a bank-teller under duress the same as an armed robber, that difference has to matter.

mensetmanusman

4 months ago

It has to do with this concept called free will.

dobin

4 months ago

No tolerance for the intolerant.

helqn

4 months ago

On the Internet, nobody knows you’re a dog. Unless you make it your whole personality telling everybody that you are a dog. Maybe stop doing that.

sublinear

4 months ago

To quote the movie Hackers:

"Cool? It's not cool. It's commie bullshit!"

sim7c00

4 months ago

Brian: We are all different! Guy: I'm not!

its always just some cheesy hacker words put to seem mysterious or whatever -_-.

we are legion, we are one etc. anything like that fall apart quickly if you attach identity to something doesnt it.

i guess by being anonymous online some forget they are not anonymous irl. a lot of being alone with the terminal ^^>

gotta read between all the fluff tho.

lovich

4 months ago

I don’t necessarily agree with you but I’m not sure why you are being downvoted into oblivion.

Tangentially, my problem with this phrase post is that I am struggling to get past all the obvious falsehoods when it comes to the non technical part of the writing.

It starts off the bat with using terminology like “Advanced Persistent Threat” and conflates what it already identified as a North Korean group as Chinese in this sentence

> It shows a glimpse how openly "Kimsuky" cooperates with other Chinese APTs and shares their tools and techniques.

And then gives some flowery speech about how the Koreans are bad and political but this author who opposes them is good and not political.

This reads to me like the ravings of some crazy person with advanced skills who thinks everyone else is the crazy one while wearing a tinfoil hat, or a federal group leaking a no longer useful technical hack surrounded in language pushing propaganda

aussieguy1234

4 months ago

1 reply

That's a fairly detailed analysis of an APT workflow.

Now, non-APT actors, if they wanted to up their level of sophistication, might replicate some of these workflows for their own nefarious activities.

awesome_dude

4 months ago

1 reply

There's always a risk of openness creating copycats, but there's also the fact that informed decisions can now be made by people who need to mitigate against these malicious actors.

There's no way to only give the information to one group without the other group getting their hands on it.

fragmede

4 months ago

There's levels between not sharing it with anybody, and dumping it up on the public web for everyone to see. There are private disclosure lists they could have used, if they wanted to.

hexpeek

4 months ago

5 replies

I’ve heard that in North Korea it is difficult for ordinary people to learn or own a computer. It is assumed that a small number of elite operatives are selected and trained to carry out such tasks, and it is somewhat surprising that they possess the latest technology and conduct hacking.

asdff

4 months ago

1 reply

If anything the hackers in north korea are probably world class if the government is getting their students into focused training programs early in their schooling. Western nations have nothing equivalent due to schooling being generalist and undergrad and grad school not really introducing you to the sort of work you'd actually do on the job as a hacker. 22 year old western hacker for a 3 letter agency is going to have maybe a 6 month softball tangentially related internship of experience under their belt while the north korean might have years and years by that point.

awesome_dude

4 months ago

2 replies

> 22 year old western hacker for a 3 letter agency is going to have maybe a 6 month softball tangentially related internship of experience under their belt while the north korean might have years and years by that point.

I was with you right up until this bit

The agencies concerned tend to recruit people that have demonstrated ability in that field, and they've usually got it with "self-directed" training :)

Joel_Mckay

4 months ago

2 replies

State sponsored thieves are not a talent pool that anyone wants in a trusted position.

The fact is there were only around 40 unique hacks ever invented, and people simply adapt these into new zero day exploits. Notably, this is now mostly a fully automated process.

If people want in, they will get in eventually. =3

x C62=:K6 J@F 2C6 AC66>AE:G6=J 5:D28C66:?8 H:E9 E96 DFCAC:D:?8=J =@H 6DE:>2E6 @7 6IA=@:E E2I@?@>J[ 3FE 9F>2? DE2E:DE:42= 3692G:@C :D 2=D@ ?@E 2D 4@>A=6I 2D >2?J 36=:6G6]

vntok

4 months ago

3 replies

ChatGPT decoded the ROT47 text immediately from a simple prompt: "Decode this string sent by some random pompous guy on Hacker News: [raw string]".

If robots want in, they will get in eventually too, apparently.

Joel_Mckay

4 months ago

1 reply

It was a simple way to highlight impulsive behavior common in modern users, and the trivial encoding function should be obvious to those who are minimally empathetic. Ask the LLM handler if being lied to makes people feel worse than getting robbed... then consider if you would hire such individuals.

If you are ever unsure of someones motives, than politely ask for context. Have a wonderful day =3

https://en.wikipedia.org/wiki/List_of_cognitive_biases#Causa...

bgwalter

4 months ago

1 reply

What is the impulsive behavior? Do you have a zero day in some ROT-47 decoder? Or perhaps a zero day in the file command in case a user creates a file containing the string and runs the command on it? Or is the string both a valid ROT-47 string and a valid executable on some platform?

> If you are ever unsure of someones motives, than politely ask for context.

Asking for context.

Joel_Mckay

4 months ago

In general, the point was predicting statistical behavior is easy in large enough populations, and finding utility in that fact is trivial.

Exploits are boring, and thus have questionable utility in a proper business context. Don't worry about it... =3

theshrike79

4 months ago

https://gchq.github.io/CyberChef/#recipe=ROT47(47)&input=eCB...

CyberChef did it fully locally with a ready-made recipe :D

KyleBerezin

4 months ago

No need for insults, I found it fun. ROTs are easy to detect because they usually still have word-length chunks, and common repeating symbols. In this case the '6's ('e's). This is something a language oriented AI is going to be very good at detecting. It's great demo of why hashing is so important.

If you don't see repeating symbols, it could be a running key, like a Vigenèr cipher.

JumpCrisscross

4 months ago

3 replies

> State sponsored thieves are not a talent pool that anyone wants in a trusted position

Why? They’re intelligent, crafty and able to make trade-offs.

Empirically, ex-spies have a solid history in reaching commanding positions in politics and business.

Joel_Mckay

4 months ago

2 replies

It is complicated, but Moral Development theory does cover the phenomena of why some won't understand until they personally grow through the stages of development.

Have a great day. =3

https://en.wikipedia.org/wiki/Lawrence_Kohlberg's_stages_of_...

JumpCrisscross

4 months ago

1 reply

Spies do tough work for not that much pay. (Certainly less than they can earn in the private sector.)

They’re starting from a position of duty. Given the stakes the questions they’re tasked with operate at, I’d guess they tend to be in the postconventional regime more than most people.

Joel_Mckay

4 months ago

Sounds like an absurd fiction... and still unrelated to a proper business. =3

jgilias

4 months ago

Reading up on it made me realize that a certain well known orange person is really on Stage 2 of moral development. That explains a lot.

But also gives hope. I mean, it’s rare that adults fail to advance from pre-conventional phases, so it must be super rare to have such a confluence of factors that puts someone like that in the given job.

Ray20

4 months ago

1 reply

> Empirically, ex-spies have a solid history in reaching commanding positions in politics and business.

But it's not because someone wants them there. It's because they can demand the position they want.

JumpCrisscross

4 months ago

> it's not because someone wants them there. It's because they can demand the position they want

Zero evidence of this. And if they can demand that position from one, they can demand favors from others. I would count a background in espionage to be a net positive in a hiring process, provided dismissal was on good terms.

mr_toad

4 months ago

> Empirically, ex-spies have a solid history in reaching commanding positions in politics and business.

The only examples I can think of are Putin and George HW Bush.

asdff

4 months ago

Lurking forums and irc is probably a terrible way to train a hacker than a dedicated program that introduces you to the tools you'd be using on the job right away. Even today people don't even like hiring self taught engineers anymore like 20 years ago, when there are many more people today who have gone through legitimate education programs.

The one hacker I met in my life went to West Point and had no experience they didn't gain from being placed in their program after graduating with decent test scores.

ummonk

4 months ago

1 reply

North Korean teams tend to perform very well in coding contests, so it’s a safe bet that North Korea is quite good at nurturing a small slice of elite computing talent.

SoftTalker

4 months ago

1 reply

They just identify talented individuals and send them to schools in China or elsewhere to learn the latest tech.

richardfeynman

4 months ago

2 replies

source? interesting if true.

IAmBroom

4 months ago

1 reply

Why would you doubt it?

The brightest students of most nations are often sent abroad to enrich their countries with knowledge from the great universities. NK is almost unique in its inability to do this at non-Chinese great universities, so that is the only viable route.

richardfeynman

4 months ago

I would doubt it because North Korea has extremely strict controls on who exits the country for any reason, but especially for education. I know this has happened before (for example Kim Jung Un studied in Switzerland under a false name when he was a kid), but it's extremely rare, and runs contrary to the North Korean philosphy of Juche, self-reliance.

yesfitz

4 months ago

"Major North Korean universities, such as the Kim Il-sung University and the Pyongyang University of Foreign Studies, send a few dozen exchange students to Peking University and other top-ranked Chinese universities each year."[1][2]

"North Korean hackers are sent vocationally to Shenyang, China for special training. They are trained to deploy malware of all types onto computers, computer networks, and servers."[3][4]

1: https://en.wikipedia.org/wiki/Koreans_in_China#North_Koreans...

2: https://web.archive.org/web/20090114201016/http://news.xinhu...

3: https://en.wikipedia.org/wiki/Lazarus_Group#Education

4: https://web.archive.org/web/20180621134306/https://www.scmp....

stingraycharles

4 months ago

I always understood that these hacks are one of the main ways for North Korea to actually earn money in other currencies, as they’ve been barred from trading with pretty much the entire world.

maxk42

4 months ago

...which explains the link to China. NK natives probably do not typically have access to computers or the open internet, but the children of certain elites are educated in China. There may even be a collaborative effort between the two states.

Ray20

4 months ago

> somewhat surprising that they possess the latest technology and conduct hacking.

Why does this surprise you? As you said, selecting capable people is not a problem. And then these capable people get the best possible motivation. I would say it is expected to get qualified hackers in such conditions, who are proficient in all latest technologies.

Pocomon

4 months ago

1 reply

> The leaked dataset attributed to the “Kim” operator offers a uniquely operational perspective into North Korean-aligned cyber operations.

It's puzzling why the NORC hackers didn't use a nearest neighbor hack rather than leaving a trail of bread crumbs all the way back to Pyongyang ;)

wkat4242

4 months ago

Sometimes sending a message is part of the point. And you still have plausible deniability anyway "it was a false flag booo".

The Russians do this a lot. This kind of attack that they want everyone to know they are being without telling you they are behind it and denying it in all colours.

jamedjo

4 months ago

2 replies

> Attribution Scenarios: Option A: DPRK Operator Embedded in PRC

> Use of Korean language, OCR targeting of Korean documents, and focus on GPKI systems strongly suggest North Korean origin.

I'm don't follow how needing OCR to read Korean documents points to them being North Korean?

Could also point in the opposite direction of them needing to copy the text for translation.

Thorrez

4 months ago

2 replies

Their shell history shows them using OCR tools. AFAIK it doesn't show them using translation tools.

RT-Saber

4 months ago

Actually KIM was also using Google Translate (discovered through his browsing history)

jamedjo

4 months ago

Fair, and appears I missed the first part "Use of Korean language".

The OCR still tells us more about the target than the actor, but I guess they are suggesting the choice of target itself is the indicator.

RT-Saber

4 months ago

We believe KIM is Chinese but working for both Chinese and North Korean interests/governments, he speaks only very little Korean, he translates Korean websites into simplified Chinese using Google Translate and use OCR to translate Korean documents into Chinese.

codedokode

4 months ago

4 replies

Why everyone working with the government doesn't use hardware keys without passwords so that fishing is useless?

ac29

4 months ago

1 reply

I know some people in the US government who definitely need a hardware key to access computing resources including email. They work for the Dept of the Interior on science stuff, nothing related to national security or otherwise sensitive info.

They mentioned this was a pain in the ass, and a very weird restriction since technically any member of the public can ask for a copy of their emails via FOIA.

sulandor

4 months ago

sounds like the primary goal was better attestation

alt227

4 months ago

2 replies

Surely people can still phish for the user to insert their hardware key to approve something malicious?

kbrkbr

4 months ago

1 reply

What is phishing resistant MFA? - https://www.sans.org/blog/what-is-phishing-resistant-mfa

alt227

4 months ago

Exactly. 'Resistant' not 'impenitrable'.

The article itself says that 100% phishing resistance is impossible. So I stand by my arguement that if you give an idiot a Yubikey, it still doesnt save them from themselves.

>Does this technology eliminate all risk? No. As this becomes widely deployed new attacks will be developed, but it will be MUCH harder for the cyber attacker.

> FIDO is extremely resistant to phishing attacks but adopting FIDO does not mean your organization is secure against phishing.

codedokode

4 months ago

Hardware keys (unlike humans) usually check page URL and do not send the data stored by another domain.

mr_toad

4 months ago

A lot of legacy tech doesn’t support hardware keys. Last government job I had still ran an old SVN server with unencrypted username/password auth (relying on the VPN for security).

bornfreddy

4 months ago

Because hardware keys are so 2000 - we have apps now. With Play Protect Premium Enterprise to make sure the phone is secure. /s

p0w3n3d

4 months ago

This is some clickbait. At least to me. I've recently read an article that when Kim Jong Un takes dump he does it in a N.Korea secret service owned toilet that is being dragged always with him. Hence "Kim dump" sounds really... Physical...

sim7c00

4 months ago

interesting stuff but the china angle is a bit overstated with option A/B.

it could simply be the guy maintains presence there because he has access. NK has no public internet so he might simply enjoy internet access -_- rather than neccesarily be either pretending to be chinese or working for them...

jmyeet

4 months ago

So this is interesting from a technical perspective. Some of this infrastructure is used by pen testers and the likes, which just goes to show that there is no such thing as a defensive weapon. I'll let you ponder why that might be pertinent.

Unfortunately, it quickly turns into a discussion of how bad NK and China are and how China shouldn't support NK (because, again, they're bad).

I'll offer two words to expose the hypocrisy of this: Stuxnet, Pegasus.

32 more comments available on Hacker News

View full discussion on Hacker News

ID: 45152066Type: storyLast synced: 11/20/2025, 8:32:40 PM

Want the full context?

Jump to the original sources

Read the primary article or dive into the live Hacker News thread when you're ready.

Open link View on HN