How the "Kim" dump exposed North Korea's credential theft playbook

https://dti.domaintools.com/inside-the-kimsuky-leak-how-the-kim-dump-exposed-north-koreas-credential-theft-playbook/

143•notmine1337•4h ago

Comments

tremon•1h ago

> The dump also revealed reliance on GitHub repositories known for offensive tooling. TitanLdr, minbeacon, Blacklotus, and CobaltStrike-Auto-Keystore were all cloned or referenced in command logs.

What's the rationale for allowing the development of offensive tooling on github? Is this a free-speech thing, or are these repositories relevant for scientific research in some way?

StrauXX•1h ago

They are heavily used in penetrationtests and red teaming engagements. Banning such tools from the public just mystifies attackers ways to defenders, while not in any way hindering serious malicious actors. We had that discussion back in the 90s and early 2000s.

freedomben•17m ago

Agreed. Plus it's not always a clear line between offensive and legitimate usage. For many years nmap was banned on most corporate networks, but it's an invaluable tool for legitimate use too, despite being useful for offensive cases as well

laveur•1h ago

I think they get heavily used by security researchers, and other people that do regular Penetration Testing.

traverseda•1h ago

What alternative do you suggest?

immibis•31m ago

I think they're wondering why GitHub doesn't report these to law enforcement and their creators don't go to prison.

Not sure about US law, but in Germany, creating or possessing a hacking tool (including things like nmap) is a criminal offence.

rpdillon•28m ago

Wait, installing nmap on your laptop from a Linux distribution's repositories is a crime in Germany?

to11mtm•9m ago

Not really, so long as you don't use it for anything 'bad'. i.e. if you're just running against your local network, who's gonna report it?

kulahan•22m ago

In the US you’re allowed to have pretty much whatever code you want on your computer, obviously excepting binary representations of illegal photo/video content.

How do they even enforce it? Or is it just an extra law to throw at someone already convicted of something?

kace91•16m ago

>Not sure about US law, but in Germany, creating or possessing a hacking tool (including things like nmap) is a criminal offence.

Surely that must be wrong, are security certs not a thing in Germany?

sgnelson•1h ago

This is interesting due to the tying of DPRK and PRC. It seems hard to say how much coordination there is between the two, but whatever it is, it appears to be greater than zero. While not necessarily surprising, I wonder if this public attribution will make it harder for the PRC to deny involvement with both the DPRK's efforts and their own.

jmyeet•1h ago

I don't think Chinese support for NK has ever been a secret anymore than the the US support for South Korea has. And it's in China's backyardd so they've got way more of an excuse.

And if you think that doesn't matter, look at the Monroe Doctrine [1].

Taken further, the so-called Cuban Missile Crisis should really be called the Turkey Missile Crisis. The US (through NATO) placed Jupiter nuclear MRBMs in Turkey, only hunddreds of miles from Moscow. The USSR responded by doing the exact same thing, by placing nuclear weapons in Cuba. And the US almost started World War 3 over it.

It was the USSR who stepped back from the brink and, as a result of a secret agreement, the Jupiter MRBMs were quietly removed from Turkey [2].

[1]: https://en.wikipedia.org/wiki/Monroe_Doctrine

[2]: https://www.wilsoncenter.org/blog-post/jupiter-missiles-and-...

churchill•56m ago

Why is this comment downvoted? You have the right to see China, USSR and NK as immoral regimes but there's nothing non-factual here.

charonn0•41m ago

The topic is cybercrime and espionage, not nuclear brinksmanship or colonialism. Whatever parallels can be drawn don't seem to be very relevant, so the comment comes off as an attempt to deflect criticism.

kace91•18m ago

Maybe it wasn’t clear, but I think the comment is explaining the importance for superpowers of keeping their immediate surroundings politically aligned - china wants NK on their side for the same reason neither the US or the URSS wanted nukes on their doorstep.

quakeguy•40m ago

Agitprop.

jmyeet•30m ago

So this is interesting from a technical perspective. Some of this infrastructure is used by pen testers and the likes, which just goes to show that there is no such thing as a defensive weapon. I'll let you ponder why that might be pertinent.

Unfortunately, it quickly turns into a discussion of how bad NK and China are and how China shouldn't support NK (because, again, they're bad).

I'll offer two words to expose the hypocrisy of this: Stuxnet, Pegasus.

lawgimenez•16m ago

I believe these are the hackers responsible for this leak: https://phrack.org/issues/72/7_md#article

aussieguy1234•8m ago

That's a fairly detailed analysis of an APT workflow.

Now, non-APT actors, if they wanted to up their level of sophistication, might replicate some of these workflows for their own nefarious activities.

We Got the Internet All Wrong

Djsmartberry

Broadcom stock soars with AI chips as 'leading alternative' to Nvidia

Microsoft confirms multiple subsea fiber cuts in the Red Sea

Speech Enhancement Mamba

C++26: Erroneous Behaviour

WSJ: Tech CEOs Take Turns Praising Trumps for AI Leadership at the White House

"Because Ruby", 30 chapters and a tribute to _why

Approximation to Euler's Totient φ(n) for semiprimes – implications for RSA?

More than 7k under-fives in Gaza put in malnutrition recovery in two-week period

React Server Components support without a framework

First footage of a wild black jaguar mating [video]

Show HN: Whilio – AI chatbot that learns your site and explains user behavior

A history of metaphorical brain talk in psychiatry

Why China Is Trying to Tame Its Electric Car Frenzy

AI Is Not a Technology, It's a Subscription Company

Is AI Contributing to Rising Unemployment?

Interesting PEZY-SC4s

Show HN: Feature flags on Cloudflare Workers in 223 lines

Wine 10.15 to Feature Initial Support for Using Ntsync on Linux

LLMs and Quantum Measurement: An Analogy

What does the International Space Station smell like?

Show HN: Zyg – Stop Writing Status Updates

Apple Seeks Researchers for 2026 iPhone Security Program

Show HN: Two-way AI TV with light OS, built-in capture card, no tracking

Show HN: Generate Next.js/React Tailwind blocks from a screenshots

Career Leverage as a Developer

Rust tool for generating random fractals

TypePad's demise ends Dave Barry's blog. He's moving To Substack

Dynamically scalable agent-based simulation framework, written in Rust