A North Korean-linked hacking group, KONNI, has used a sophisticated two-part attack involving spear phishing and remote device wiping to target Android users, primarily in South Korea. The attack leverages trust and popular platforms like KakaoTalk to spread malware and erase data remotely. #KONNI #APT37 #NorthKorea #KakaoTalk #AndroidSecurity
Key points
- KONNI is suspected to be linked to North Korea and related groups such as Kimsuky or APT37.
- The attack begins with spear phishing, impersonating trusted roles to deceive victims.
- Hackers hide within the victim’s devices for over a year, monitoring through webcams and other methods.
- The malware spreads via KakaoTalk, exploiting trust to infect contacts and escalate the attack.
- The hackers used Google Find Hub to remotely reset devices, causing data loss and blocking detection.
Read More: https://hackread.com/hackers-kakaotalk-google-find-hub-android-spyware/