North Korean Hackers’ Secret Linux Malware Surfaces Online
Phrack Magazine’s latest issue #72 has unveiled a significant data leak from a suspected North Korean hacking operation, including exploit tactics, compromised system details, and a sophisticated Linux rootkit.
The dump, linked to a Chinese threat actor targeting South Korean and Taiwanese government and private sectors, shows overlaps with the North Korean Kimsuky APT group.
It reveals access to internal networks and sensitive certificates, alongside screenshots of active backdoor development.
The full archive contains live malware for multiple platforms and should be opened only in an isolated analysis environment. The exposure shows an advanced persistent threat relying on stealthy kernel-level tooling for espionage and lateral movement.
Rootkit Capabilities
The rootkit, analyzed from its 2025 variant, is a Loadable Kernel Module (LKM) built on the khook kernel-function hooking library. It intercepts system calls and filters their results, so user-space tools never see the artefacts it wants hidden.

It conceals itself from lsmod listings, hides processes, network activity, and persistence files in /etc/init.d ...
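Each hiding trick described above alters only one view of the kernel, which is what a cross-view detector exploits: a module unlinked from the module list disappears from lsmod but usually keeps its /sys/module kobject, and a process filtered out of /proc directory listings still answers kill(pid, 0). The script below is an added example written for this page, not code from Phrack, gbhackers or the leaked archive; every sample input in it is constructed, and the function names are my own.

```python
"""Cross-view checks for an LKM rootkit that hides its module and its
processes. Added example for this page; not code from Phrack, gbhackers
or the leaked archive. A syscall hook only changes what one view of the
kernel returns, so each check compares two views of the same fact and
reports disagreement. Sample inputs in the tests are constructed."""
from __future__ import annotations

import os
from typing import Callable, Iterable


def modules_from_proc(proc_modules_text: str) -> set[str]:
    """Module names from /proc/modules (the file lsmod reads): first field per line."""
    return {line.split()[0] for line in proc_modules_text.splitlines() if line.strip()}


def hidden_modules(proc_modules_text: str, sysfs_lkm_names: Iterable[str]) -> set[str]:
    """Loadable modules visible in sysfs but absent from /proc/modules.

    Unlinking THIS_MODULE from the module list hides it from lsmod, but the
    sysfs kobject is usually left behind. sysfs_lkm_names must contain only
    loadable modules: built-in code also gets a /sys/module/<name> entry,
    but only a loadable module carries the 'initstate' attribute."""
    return set(sysfs_lkm_names) - modules_from_proc(proc_modules_text)


def sysfs_loaded_modules(sys_module_dir: str = "/sys/module") -> set[str]:
    """Live view: /sys/module entries that have an initstate file (LKMs only)."""
    try:
        names = os.listdir(sys_module_dir)
    except OSError:  # no sysfs, e.g. a minimal container
        return set()
    return {n for n in names if os.path.exists(os.path.join(sys_module_dir, n, "initstate"))}


def pid_exists(pid: int) -> bool:
    """Probe a PID without readdir(): kill(pid, 0) fails with ESRCH only if no such process."""
    try:
        os.kill(pid, 0)
        return True
    except ProcessLookupError:
        return False
    except PermissionError:  # exists but belongs to another user
        return True


def unlisted_but_alive(listed: set[int], probe: Callable[[int], bool], pid_max: int) -> set[int]:
    """PIDs the probe confirms that a (possibly hooked) /proc listing omitted."""
    return {pid for pid in range(1, pid_max + 1) if pid not in listed and probe(pid)}


def list_proc_pids(proc_dir: str = "/proc") -> set[int]:
    try:
        return {int(n) for n in os.listdir(proc_dir) if n.isdigit()}
    except OSError:
        return set()


def scan_hidden_pids(pid_max: int | None = None) -> set[int]:
    """Live scan. A second listing after the probe drops processes that merely
    started during the scan; a PID alive yet absent from both listings is hidden.
    Repeat the scan before acting on a hit, since a very short-lived process can
    still slip through, and hidepid= mounts of /proc also produce mismatches."""
    if pid_max is None:
        try:
            with open("/proc/sys/kernel/pid_max") as f:
                pid_max = int(f.read())
        except OSError:
            pid_max = 32768
    before = list_proc_pids()
    alive = unlisted_but_alive(before, pid_exists, pid_max)
    after = list_proc_pids()
    return alive - after


def scan_hidden_modules() -> set[str]:
    """Live scan: LKMs that sysfs knows about but lsmod would not show."""
    try:
        with open("/proc/modules") as f:
            text = f.read()
    except OSError:
        text = ""
    return hidden_modules(text, sysfs_loaded_modules())


if __name__ == "__main__":
    print("modules hidden from lsmod:", sorted(scan_hidden_modules()))
    print("processes hidden from /proc:", sorted(scan_hidden_pids()))
```

The caveat is that a rootkit which also hooks kill() or stat(), or removes its sysfs entry, defeats these particular probes; they are cheap first-line checks, and a hit should be confirmed from outside the running kernel (memory image or a clean boot) rather than by more queries through the hooked syscall layer.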
Copyright of this story solely belongs to gbhackers.