North Korean hackers are exploiting Google’s Find Hub tool to locate targets via GPS and remotely reset Android devices, primarily targeting South Koreans. The attack involves spear-phishing, malware deployment, and device wiping to erase evidence and disrupt victims’ communication channels.
Key points
- North Korean hackers abuse Google Find Hub to track and reset Android devices remotely.
- The attacks begin with spear-phishing messages sent via KakaoTalk, spoofing official agencies.
- The malware used includes RemcosRAT, QuasarRAT, and RftRAT, which steal credentials and establish remote access.
- Device wiping deletes critical data, delays recovery, and enables spreading malicious files through hijacked sessions.
- Preventive measures include enabling multi-factor authentication and verifying sender identities on messaging apps.