A data breach affecting a member of the North Korean hacking group Kimsuky APT has revealed sensitive details about the group’s clandestine activities. The incident, which occurred in early June 2025, exposed hundreds of gigabytes of internal files and tools, including sophisticated backdoor operations, phishing frameworks, and reconnaissance techniques. The compromised data appears to originate from two systems operated by an individual using the alias ‘KIM’: a Linux development workstation running Deepin 20.9 and a public-facing VPS used for spear-phishing campaigns. The incident underscores the vulnerabilities within Kimsuky’s infrastructure and offers valuable insights into the group’s cyber operations.