Home > National > Social Affairs

North Korea-backed hackers gain access to phones, PCs in South with coordinated cyberattack

Published: 10 Nov. 2025, 17:37 Updated: 10 Nov. 2025, 17:43

A hacking route shown in a threat analysis report released by cybersecurity company Genians on Nov. 10. [GENIANS]

A North Korea-backed hacking group has carried out a coordinated cyberattack targeting both smartphones and personal computers, marking the first such case detected in South Korea.

Genians, a local cybersecurity company, said Monday in a threat analysis report titled “State-Sponsored Remote Wipe Tactics Targeting Android Devices” that it had “identified signs of a large-scale malware distribution campaign involving simultaneous attacks on smartphones, tablets and PCs.”

The company attributed the incident to Konni, a hacking group linked to Kimsuky and APT37, both of which operate under North Korea’s Reconnaissance General Bureau.

The attack began on Sept. 5, when hackers infiltrated the smartphone of a local psychological counselor and spread malicious code disguised as a “stress relief app” to the victim’s contacts through KakaoTalk, according to Genians. A second wave of attacks occurred on Sept. 15, when another victim’s KakaoTalk account was used to distribute malware to 36 people.

During the operation, the hackers reportedly deleted key data stored on the victims’ smartphones, tablets and PCs to steal messenger accounts.

Cybersecurity experts say the case demonstrates a new level of sophistication in North Korean hacking tactics. The attackers are believed to have maintained control of the victim’s smartphone for over a year without detection, stealing the user’s Google account credentials and exploiting the “Find Hub” device-tracking function to spread malware.

A case of malware distribution shown in a threat analysis report released by cybersecurity company Genians on Nov. 10. [GENIANS]

Find Hub is a GPS-based tool that helps users locate lost or stolen devices. The hackers monitored the victims’ GPS data and launched attacks when they were away from home, remotely controlling messengers on their PCs and tablets to spread malicious code. They simultaneously wiped the victims’ smartphones to disable communication and delay response efforts.

“This is the first known case in which hackers simultaneously stole user accounts and disabled multiple devices,” a Genians official said, adding that “North Korean hacking techniques are becoming increasingly sophisticated.”

Genians advised users to enable two-step verification for Google accounts to strengthen security and to turn off PCs and tablets when leaving home, as hackers may use webcams to monitor victims’ movements. The company also emphasized the importance of verifying the safety of files shared via messaging platforms.

The cybersecurity industry warns that hacking tactics are likely to grow more advanced. In a report released on Nov. 5, Google Cloud’s Threat Intelligence Group predicted that attackers will increasingly exploit multimodal generative AI to create voice and deepfake video content for personalized phishing campaigns.

This article was originally written in Korean and translated by a bilingual reporter with the help of generative AI tools. It was then edited by a native English-speaking editor. All AI-assisted translations are reviewed and refined by our newsroom.
BY OH HYEON-WOO [[email protected]]