Konni Android and Windows data-theft and remote-control campaign
Campaign
Summary
Hide ▲
Show ▼
The Konni operation was linked to a new Android and Windows campaign that blended spear-phishing with malware delivery to steal credentials and enable remote control. Attackers impersonated psychological counselors and North Korean human rights activists to spread a fake stress-relief program, then used stolen Google logins to abuse Find Hub for remote device resets and personal-data deletion. The activity was detected in early September 2025, showing the group is combining social engineering with legitimate account services to expand impact.
Related Happenings
UNC6508 China-linked REDCap espionage campaign
Campaign
H score39
First: 15.06.2026 17:00
Last: 15.06.2026 17:00
Sources 1
About this happening:
**UNC6508** ran a **China-linked espionage campaign** against **exposed REDCap servers** used by **North American medical, academic, and military research networks**. The operatio...
UNC6508 China-linked REDCap espionage campaign
CampaignAbout this happening: **UNC6508** ran a **China-linked espionage campaign** against **exposed REDCap servers** used by **North American medical, academic, and military research networks**. The operatio...
Fake Gemini CLI and Claude Code SEO-poisoning infostealer campaign
Campaign
H score33
First: 22.05.2026 14:30
Last: 22.05.2026 14:30
Sources 1
About this happening:
**Cyber threat actors** ran a **malicious SEO-poisoning campaign** that impersonated **Google Gemini CLI** and **Anthropic Claude Code** to push malicious downloads. The operation...
Fake Gemini CLI and Claude Code SEO-poisoning infostealer campaign
CampaignAbout this happening: **Cyber threat actors** ran a **malicious SEO-poisoning campaign** that impersonated **Google Gemini CLI** and **Anthropic Claude Code** to push malicious downloads. The operation...
Bitter Middle East spear-phishing campaign targeting civil society figures
Campaign
H score28
First: 09.04.2026 13:45
Last: 09.04.2026 13:45
Sources 1
About this happening:
A **spear-phishing campaign** targeted **civil society figures in Middle Eastern countries**, including **three journalists in Egypt and Lebanon**, creating account-compromise ris...
Bitter Middle East spear-phishing campaign targeting civil society figures
CampaignAbout this happening: A **spear-phishing campaign** targeted **civil society figures in Middle Eastern countries**, including **three journalists in Egypt and Lebanon**, creating account-compromise ris...
FBI public warning on Signal and WhatsApp phishing
Public Sector Action
H score30
First: 20.03.2026 22:45
Last: 20.03.2026 22:45
Sources 1
About this happening:
The **US Department of State** is offering **up to $10 million** through the **Rewards for Justice** program for information that helps identify or locate **UNC5792** and **UNC422...
FBI public warning on Signal and WhatsApp phishing
Public Sector ActionAbout this happening: The **US Department of State** is offering **up to $10 million** through the **Rewards for Justice** program for information that helps identify or locate **UNC5792** and **UNC422...
Latest development: 29.06.2026 12:29
The US government offered up to $10 million for information leading to the identification of UNC5792 and UNC4221, Russian intelligence-linked threat actors targeting Signal and WhatsApp users by posing as automated support accounts and stealing verification codes or Backup Recovery Keys; CISA and the FBI warned that sharing a Backup Recovery Key can let the actor access historical private and group messages and potentially keep access after a new account is created with the same phone number.
Perseus Android malware family actively distributed in the wild
Malware Activity
H score27
First: 19.03.2026 14:43
Last: 19.03.2026 14:43
Sources 1
About this happening:
The **Perseus** **Android malware** family is being actively distributed in the wild, putting infected devices at risk of **device takeover** and **financial fraud**. It spreads t...
Perseus Android malware family actively distributed in the wild
Malware ActivityAbout this happening: The **Perseus** **Android malware** family is being actively distributed in the wild, putting infected devices at risk of **device takeover** and **financial fraud**. It spreads t...
Timeline
-
10.11.2025 22:29 2 articles · 8mo ago
Konni Android and Windows data-theft and remote-control campaign
Initial DisclosureThe operation opened with **spear-phishing emails** and fake **stress-relief** lures that pushed malware onto victim computers, then spread through **KakaoTalk** sessions to contacts. That foothold enabled credential theft and later abuse of **Google Find Hub** for remote device resets.
Show sources
- Konni Hackers Turn Google’s Find Hub into a Remote Data-Wiping Weapon — thehackernews.com — 10.11.2025 22:29
- Konni Hackers Turn Google’s Find Hub into a Remote Data-Wiping Weapon — thehackernews.com — 10.11.2025 22:29