N. Korea-backed hackers deploy new malware-led cyberattack: report
gettyimagesbank
A North Korea-linked hacking group has launched a new form of cyberattack that remotely controls Android smartphones and personal computers (PCs) to delete key data, including photos, documents and contact information, a report showed Monday.
The group, believed to be affiliated with Pyongyang-sponsored groups Kimsuky or APT37, infiltrated victims' smartphones and PCs through malware distributed via KakaoTalk and stole account information for Google and major domestic IT services, according to the report by the Genians Security Center (GSC), a South Korean cybersecurity institute.
They remotely reset the smartphones after using Google's location-based tracking system to confirm the victims were outside their homes or offices.
The remote reset halted normal device operation, blocking notification and message alerts from messenger apps and effectively cutting off the account owner's awareness channel, thereby delaying detection and response, the report explained.
Through this process, key data stored on the infected devices, including photos, documents and contacts, were completely deleted.
At the same time, the attackers spread malware disguised as "stress relief programs" to acquaintances through PCs and tablets already infected at the victims' homes or workplaces.
The GSC report said the hackers may have also used webcams on PCs to confirm whether victims are away from home, suggesting they may have monitored victims' movements through infected cameras.
The institute said this combination of device neutralization and account-based propagation is "unprecedented" among known North Korean cyberattack operations.
"It demonstrates the attacker's tactical maturity and advanced evasion strategy, marking a key inflection point in the evolution of APT tactics," it added.
APTs, short for advanced persistent threats, refer to a series of sophisticated and long-term cyberattacks.