Leaked North Korean Linux Stealth Rootkit Analysis
14 August 2025
Phrack Magazine issue #72 recently released a data dump from a suspected North Korean hacking group that contained a large trove of exploit tactics, compromised system information, and a stealth rootkit targeting Linux. We have reviewed the rootkit and are providing additional detection and operation details for incident responders.
We highly encourage teams to read the initial Phrack article, which lays out the data obtained. Specifically, they note:
- Chinese threat actor targets government and private sector in South Korea and Taiwan. Some of its targets and tactics align with North Korean Kimsuky APT group.
- Dump suggests that the attackers accessed internal South Korean government networks and had access to sensitive certificates.
- Screenshot of the attacker’s desktop shows active backdoor development.
Phrack has made the entire data dump available below along with the PDF article of the leaked information. Please be aware that this archive …