Find notable cyber news and cases, enriched with sources, timelines, and signals.

Konni Android and Windows data-theft and remote-control campaign

Campaign
First reported
Last updated
Happening score
H score 32
1 unique sources, 1 articles

Summary

Hide ▲

The Konni operation was linked to a new Android and Windows campaign that blended spear-phishing with malware delivery to steal credentials and enable remote control. Attackers impersonated psychological counselors and North Korean human rights activists to spread a fake stress-relief program, then used stolen Google logins to abuse Find Hub for remote device resets and personal-data deletion. The activity was detected in early September 2025, showing the group is combining social engineering with legitimate account services to expand impact.

Related Happenings

UNC6508 China-linked REDCap espionage campaign

Campaign
H score39 First: 15.06.2026 17:00 Last: 15.06.2026 17:00 Sources 1

About this happening: **UNC6508** ran a **China-linked espionage campaign** against **exposed REDCap servers** used by **North American medical, academic, and military research networks**. The operatio...

Fake Gemini CLI and Claude Code SEO-poisoning infostealer campaign

Campaign
H score33 First: 22.05.2026 14:30 Last: 22.05.2026 14:30 Sources 1

About this happening: **Cyber threat actors** ran a **malicious SEO-poisoning campaign** that impersonated **Google Gemini CLI** and **Anthropic Claude Code** to push malicious downloads. The operation...

Bitter Middle East spear-phishing campaign targeting civil society figures

Campaign
H score28 First: 09.04.2026 13:45 Last: 09.04.2026 13:45 Sources 1

About this happening: A **spear-phishing campaign** targeted **civil society figures in Middle Eastern countries**, including **three journalists in Egypt and Lebanon**, creating account-compromise ris...

FBI public warning on Signal and WhatsApp phishing

Public Sector Action
H score30 First: 20.03.2026 22:45 Last: 20.03.2026 22:45 Sources 1

About this happening: The **US Department of State** is offering **up to $10 million** through the **Rewards for Justice** program for information that helps identify or locate **UNC5792** and **UNC422...

Latest development: 29.06.2026 12:29

The US government offered up to $10 million for information leading to the identification of UNC5792 and UNC4221, Russian intelligence-linked threat actors targeting Signal and WhatsApp users by posing as automated support accounts and stealing verification codes or Backup Recovery Keys; CISA and the FBI warned that sharing a Backup Recovery Key can let the actor access historical private and group messages and potentially keep access after a new account is created with the same phone number.

Perseus Android malware family actively distributed in the wild

Malware Activity
H score27 First: 19.03.2026 14:43 Last: 19.03.2026 14:43 Sources 1

About this happening: The **Perseus** **Android malware** family is being actively distributed in the wild, putting infected devices at risk of **device takeover** and **financial fraud**. It spreads t...

Timeline

  1. 10.11.2025 22:29 2 articles · 8mo ago

    Konni Android and Windows data-theft and remote-control campaign

    Initial Disclosure

    The operation opened with **spear-phishing emails** and fake **stress-relief** lures that pushed malware onto victim computers, then spread through **KakaoTalk** sessions to contacts. That foothold enabled credential theft and later abuse of **Google Find Hub** for remote device resets.

    Show sources