A sophisticated remote data-wipe attack has been identified targeting Android devices in South Korea. This campaign marks the first known instance of state-sponsored actors weaponizing Google's Find Hub service to carry out destructive operations. It combines social engineering, persistent backdoors, and abuse of a legitimate service to erase user data.
Initially, the attackers distributed malicious files disguised as stress-relief programs through KakaoTalk, targeting a counselor's contacts. Once the malware was installed, it deployed remote access trojans for comprehensive surveillance, including webcam monitoring and keystroke logging. After obtaining Google account credentials through phishing, the threat actors triggered remote factory resets on the victims' devices, permanently deleting personal data and disrupting the devices' functionality.
This operation, attributed to the KONNI APT group, highlights the growing sophistication of cyber threats, particularly in mobile environments. The deliberate combination of credential theft, surveillance, and destructive action illustrates a high level of tactical maturity in APT operations.
👉 Read the original: Cyber Security News