The North Korean hacker group KONNI has for the first time used Google's Find Hub feature to remotely wipe data from Android devices.
Wow! Is this really true? The North Korean hackers are this powerful? Isn't that a reference to the 70s and 80s of the Dragon Country? Why do I feel like it should be the work of the Great Beautiful?
On November 11, security researchers discovered that the North Korean hacker group KONNI has developed a new attack method that, for the first time, uses Google's Find Hub asset tracking feature to carry out remote data-wiping attacks on Android devices.
The attackers posed as psychological counselors and human rights activists and distributed malware named "Stress Relief Program" on the South Korean KakaoTalk messaging platform. Once victims execute these files, the attackers steal their Google account credentials, use the Find Hub feature to track device locations, and perform remote resets that delete personal data.
This attack has been confirmed as a follow-up to KONNI APT activity, which is closely associated with the North Korean government-backed groups Kimsuky and APT37. Security experts advise users to strengthen account security, enable two-factor authentication, and remain vigilant about files received through instant messaging tools.


