North Korean Hackers Exploit Google’s Find My Device in Cyber Espionage Spree

A chilling new tactic emerges as North Korea’s Konni APT group turns trusted tools into weapons. Victims’ devices were remotely wiped—and their contacts infected next.

North Korean state-sponsored hackers have been linked to a series of sophisticated cyber attacks targeting South Koreans. The attacks, attributed to the Konni advanced persistent threat (APT) group, involved data wiping, remote control, and location tracking of victims' devices.

The hackers initially gained access to victims' devices through spear-phishing emails impersonating South Korea's National Tax Service. Once inside, they exploited Google's Find Hub service to remotely control smartphones and tablets, tracking locations and performing factory resets.

In a particularly concerning incident, a counsellor supporting North Korean defector students was targeted, with attackers using the counsellor's compromised KakaoTalk account to send malware disguised as a 'stress-relief programme'. After wiping victims' Android devices, the hackers accessed the victims' KakaoTalk PC accounts to spread malicious files to contacts.

These attacks highlight a growing sophistication in North Korea's cyber-espionage operations, weaponising legitimate digital tools and trusted social networks. A similar mass malware distribution was detected on September 15 through another compromised KakaoTalk account.

The Korea Herald attributes these state-sponsored hacking attacks to North Korean hacker groups. The attacks underscore the evolving threat landscape, with cyber actors increasingly exploiting legitimate services and trusted platforms to carry out their operations. South Korea's cybersecurity agencies are urged to enhance their vigilance and response capabilities to counter these sophisticated threats.
