Cybersecurity researchers say they have identified an operative working for the DPRK threat group Kimsuky who is Chinese, potentially marking the first known case of direct foreign participation in Pyongyang’s state-backed cybercrime. 

In a report released at the DEF CON security conference in Las Vegas last week, two researchers claimed to have stolen data from the workstation of an individual that they say likely works for Kimsuky, a North Korean cybercrime syndicate known for targeting South Korean industry, government and nuclear power operators, as well as institutions in Russia, the U.S. and Europe.