
"Researchers at South Korean cybersecurity firm Genians said the campaign, attributed to the long-running KONNI group, abused Google's device management features to trigger factory resets on compromised smartphones and tablets. In several cases, victims' devices were wiped without authorization, erasing messages, photos, and other data that could have revealed traces of the intrusion. The KONNI group, linked for years to North Korea's intelligence apparatus, has a history of espionage operations aimed at Seoul's government, military, and think tank sectors."
"According to Genians, the attackers used stolen Google account credentials harvested through spear-phishing or fake login pages to access victims' profiles on the Find My Device platform. The feature, which allows users to locate lost phones, lock them, or perform a factory reset, became an unwitting tool for sabotage. Once logged in, the hackers could trigger remote wipes, locking victims out of their own phones and destroying incriminating evidence of compromise."
The campaign attributed to the KONNI group abused Google's device management features to trigger factory resets on compromised Android smartphones and tablets, resulting in unauthorized deletion of messages, photos, and other personal data. Attackers harvested Google account credentials through spear-phishing, fake login pages, and social engineering over KakaoTalk, then accessed the Find My Device platform to lock or wipe devices. Infections began with malicious files disguised as benign content and signed MSI attachments. Targets included South Korean government, military, and think tank sectors. Victims were often locked out of their phones, preventing recovery of erased data and hindering incident response.
Read at Theregister