Android and Windows devices have been targeted by the North Korean-linked threat operation Konni in data wiping attacks facilitated by the abuse of Google's asset tracking services Find Hub, according to The Hacker News.
Malicious emails purporting to be from South Korea's National Tax Service have been leveraged by Konni, also known as Opal Sleet, Earth Imp, TA406, Osmium, and Vedalia, to facilitate initial spear-phishing that deployed Lilith RAT and other payloads to the targeted PC, which then had its webcam and system spied on for more than a year, a report from the Genians Security Center found.
Attackers used stolen Google credentials to access Find Hub and remotely reset Android devices, resulting in unauthorized data removal. Intrusions also involved the distribution of nefarious ZIP files with the EndRAT malware via KakaoTalk. Such findings follow separate reports from ENKI and Pulsedive Threat Research detailing updated Comebacker malware and JavaScript-based malware dropper tapped by fellow North Korean hacking operations Lazarus Group and Kimsuky, respectively.
Malicious emails purporting to be from South Korea's National Tax Service have been leveraged by Konni, also known as Opal Sleet, Earth Imp, TA406, Osmium, and Vedalia, to facilitate initial spear-phishing that deployed Lilith RAT and other payloads to the targeted PC, which then had its webcam and system spied on for more than a year, a report from the Genians Security Center found.
Attackers used stolen Google credentials to access Find Hub and remotely reset Android devices, resulting in unauthorized data removal. Intrusions also involved the distribution of nefarious ZIP files with the EndRAT malware via KakaoTalk. Such findings follow separate reports from ENKI and Pulsedive Threat Research detailing updated Comebacker malware and JavaScript-based malware dropper tapped by fellow North Korean hacking operations Lazarus Group and Kimsuky, respectively.




