
North Korean hackers are abusing Google’s Find Hub tool to track the GPS location of their targets and remotely reset Android devices to factory settings. The attacks are primarily targeting South Koreans, and start by approaching the potential victims over KakaoTalk messenger, the most popular instant messaging app in the country.

South Korean cybersecurity solutions company Genians links the malicious activity to a KONNI activity cluster, which "has overlapping targets and infrastructure with Kimsuky and APT37." KONNI typically refers to a remote access tool that has been linked to attacks from North Korean hackers in the APT37 (ScarCruft) and Kimsuky (Emerald Sleet) groups that targeted multiple sectors (e.g., education, government, and cryptocurrency).

According to Genians, the KONNI campaign infects computers with remote access trojans that enable sensitive data exfiltration. Wiping Android devices is done to isolate victims, delete attack traces, delay recovery, and silence security alerts. Specifically, the reset disconnects victims from KakaoTalk PC sessions, which the attackers hijack post-wiping to spread to their targets’ contacts.
Source: (Bleeping Computer)