North Korean hackers weaponise Google, KakaoTalk in first-of-its-kind cyberattack targeting South Koreans

By Administrator

Published on 11/10/2025 17:46

News

Cybersecurity experts say North Korean hackers used Google’s Find Hub service and KakaoTalk messenger to remotely control and wipe Android devices in South Korea.

SEOUL, Nov 10 — North Korean state-sponsored hackers have hijacked Google accounts to take remote control of smartphones and tablets belonging to South Koreans, later using the KakaoTalk messenger app to spread malware to their contacts, The Korea Herald reported today.

According to South Korean cybersecurity firm Genians, the incident marks “the first confirmed case of a North Korean state-sponsored hacking group compromising Google accounts to gain remote control over smart devices.”

The attack was attributed to North Korea’s Konni advanced persistent threat (APT) cyber espionage group, long suspected of targeting South Korean individuals and institutions.

Genians said the hackers initially infiltrated victims’ devices through spear-phishing emails impersonating South Korea’s National Tax Service.

Once inside, the group gathered data and conducted internal reconnaissance before exploiting Google’s Find Hub service — a legitimate tool used to locate and secure lost Android devices — to execute data-wiping and tracking operations.

“This development demonstrates a realistic risk that the feature can be abused within advanced persistent threat (APT) campaigns,” the report stated.

The hackers allegedly abused Find Hub’s remote-control functions to track locations and perform factory resets on victims’ devices.