The Genians Security Center has revealed a sophisticated state-sponsored KONNI APT campaign targeting South Korean victims, in which the attackers used Google's Find Hub to remotely wipe and track Android devices. The campaign combines social engineering over KakaoTalk with malware distributed under legitimate code signatures, showcasing advanced cyberespionage tradecraft and highlighting threats linked to North Korea's Kimsuky and APT37. #KONNI #Kimsuky #APT37 #GoogleFindHub
Key points
- The campaign uses spear-phishing and social engineering to infect targets in South Korea.
- Malware is distributed through KakaoTalk disguised as stress-relief programs.
- Attackers abused Google's Find Hub, using stolen account access rather than a product vulnerability, to remotely wipe and track victims' Android devices.
- Legitimate Google account credentials were stolen so that the victims' own cloud services could be misused for these malicious actions.
- The malware includes AutoIt scripts with RAT capabilities, encrypted to evade detection.