Menu
Browse

Cyber Threat Actor: Kim Jong-Cracks

Actor Type Location Known Incidents
 Icon
Activist
North Korea
2 incidents
Profile

The threat actor known as Kim Jong‑Cracks is associated with the location of North Korea according to publicly available references. The actor operates under a single alias and has been observed engaging in activities that target jailbreak‑enabled iOS devices. Their actions have been linked to the compromise of a prominent Cydia repository used for distributing tweaks and applications. Details of the initial intrusion vector have not been disclosed in the available reporting.

The actor’s focus has been on the jailbreak community, specifically users who rely on the BigBoss repository within Cydia for both free and paid software. Observed behavior includes exfiltrating the repository’s package index and MD5 checksums, then reproducing the entire catalog on a rival site named ripBigBoss. The actor claimed to have injected malicious code into the redistributed packages, although cryptographic verification by the repository’s creator indicated no unauthorized modifications. The actor used social media hashtags to disseminate their message and attract attention to the pirated repository.

The July 2014 incident represents the only publicly reported operation attributed to Kim Jong‑Cracks, wherein the actor stole all packages from BigBoss and made them freely available via ripBigBoss while promoting hashtags such as #WhichSideAreYouOn and #SupportTheCompettition. The actor cited Saurik’s “Competition vs Community” rhetoric as motivation for the hack, framing the activity as ideological rather than financially driven. No further campaigns or affiliations with state entities or criminal consortia have been documented in open sources. Security advisories warned users against installing tweaks from either the compromised or the pirated repository due to potential safety concerns.

Incidents
Attributed incidents available to members
2 incidents
Sources
Sources available to members
1 source