Threat Intelligence, Data Security

Google Find Hub exploited in North Korea-linked data wiping attacks

Korea North flag - 3D realistic waving flag on matrix digital ba

Android and Windows devices have been targeted by the North Korean-linked threat operation Konni in data wiping attacks facilitated by the abuse of Google's asset tracking services Find Hub, according to The Hacker News.

Malicious emails purporting to be from South Korea's National Tax Service have been leveraged by Konni, also known as Opal Sleet, Earth Imp, TA406, Osmium, and Vedalia, to facilitate initial spear-phishing that deployed Lilith RAT and other payloads to the targeted PC, which then had its webcam and system spied on for more than a year, a report from the Genians Security Center found.

Attackers used stolen Google credentials to access Find Hub and remotely reset Android devices, resulting in unauthorized data removal. Intrusions also involved the distribution of nefarious ZIP files with the EndRAT malware via KakaoTalk. Such findings follow separate reports from ENKI and Pulsedive Threat Research detailing updated Comebacker malware and JavaScript-based malware dropper tapped by fellow North Korean hacking operations Lazarus Group and Kimsuky, respectively.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds