Konni Hackers Turn Google's Find Hub into a Remote Data-Wiping Weapon
Briefly

"The North Korea-affiliated threat actor known as Konni (aka Earth Imp, Opal Sleet, Osmium, TA406, and Vedalia) has been attributed to a new set of attacks targeting both Android and Windows devices for data theft and remote control. What's notable about the attacks targeting Android devices is also the destructive ability of the threat actors to exploit Google's asset tracking services Find Hub (formerly Find My Device) to remotely reset victim devices, thereby leading to the unauthorized deletion of personal data. The activity was detected in early September 2025."
"The development marks the first time the hacking group has weaponized legitimate management functions to remotely reset mobile devices. The activity is also preceded by an attack chain in which the attackers approach targets via spear-phishing emails to obtain access to their computers, and leverage their logged-in KakaoTalk chat app sessions to distribute the malicious payloads to their contacts in the form of a ZIP archive."
Konni targeted Android and Windows devices to steal data and enable remote control. Attackers impersonated psychological counselors and North Korean human rights activists and distributed malware disguised as stress-relief programs. The group exploited Google's Find Hub asset-tracking service to remotely reset Android devices, causing unauthorized deletion of personal data. The attack chain began with spear-phishing emails mimicking entities like the National Tax Service and used compromised KakaoTalk sessions to spread ZIP payloads. Remote access trojans such as Lilith RAT enabled system takeover, long-term concealment, webcam spying, internal reconnaissance, and delivery of additional payloads.
Read at The Hacker News