North Korean cyber espionage group KONNI has exploited Google’s “Find Hub” service to remotely wipe South Korean targets’ Android devices, erasing crucial evidence of their activities. This campaign highlights the increasing sophistication of North Korean cyber operations using legitimate cloud features for malicious purposes. #KONNI #GoogleFindHub
Keypoints
- KONNI, linked to North Korea’s intelligence, has escalated its mobile hacking tactics.
- The group accessed victims’ Google accounts through spear-phishing and fake login pages.
- Attackers used Google’s device management features to remotely factory reset compromised phones.
- The campaign involved spreading malware via chatting apps like KakaoTalk to infect contacts.
- Genians recommends enabling multi-factor authentication to prevent such device wipes.
Read More: https://www.theregister.com/2025/11/11/north_korean_spies_turn_googles/