What? The US researchers found a website that did not require credentials to access, and this “trove” was found on that site. There was no hacking or breaking in there. The data seems to be pretty clear cut work delivered by North Koreans to US companies, if not the story wouldn’t be written as such. I fail to see where hacking enters in to this conversation.
That’s not to say NK isn’t hacking for profit, they definitely are.