Two hackers say they have infiltrated the computer of a North Korean government-linked cyber operative, publishing stolen data that offers a rare glimpse into the workings of one of the country’s most secretive espionage units.

Writing under the pseudonyms “Saber” and “cyb0rg,” the pair detailed the breach in the latest edition of Phrack, a long-running cybersecurity e-zine released last week at the Def Con hacking conference in Las Vegas.

They claim to have compromised a workstation containing a virtual machine and virtual private server used by a hacker they call “Kim,” allegedly a member of Kimsuky — also known as APT43 and Thallium — a group believed to operate within North Korea’s intelligence apparatus. The hackers say they handed the data to Distributed Denial of Secrets (DDoSecrets), a nonprofit that publishes leaked materials.

Kimsuky has been accused of targeting journalists, government agencies, and other strategic entities, particularly in South Korea, while also engaging in financially motivated operations such as cryptocurrency theft to help fund Pyongyang’s nuclear weapons program.

According to Saber and cyb0rg, the files revealed evidence of Kimsuky’s cooperation with Chinese state-linked hackers, tools and manuals used in operations, compromised email accounts, and signs of intrusions into South Korean government networks. They also noted that “Kim” appeared to work regular Pyongyang office hours, logging in around 9 a.m. and disconnecting by 5 p.m. local time.

While their actions are technically illegal, the hackers expressed little concern about prosecution, criticising Kimsuky as being motivated by “financial greed” and political agendas. Emails sent to addresses allegedly linked to the operative received no response.