
Konni APT KakaoTalk spear-phishing campaign targeting Android users in South Korea

Campaign
Happening score
H score 47
1 unique source, 1 article

Summary


A Konni APT operation is using spear-phishing and KakaoTalk to compromise Android users in South Korea, enabling device compromise and malware spread. The multi-stage tradecraft matters because it combines trusted messaging accounts, social engineering, and follow-on propagation to widen impact across a Korean user cohort. The activity began in July of last year and was still being used through Sept. 15.

Related Happenings

TrickMo C TikTok-lure campaign targeting banking and wallet users in France, Italy, and Austria

Campaign
First: 11.05.2026 18:15 Last: 11.05.2026 18:15 Sources 1

About this happening: The **TrickMo** operators ran an active **TikTok-themed** campaign between **January and February 2026**, targeting **banking and wallet users** in **France, Italy and Austria**....

APT37 BirdCall Android supply-chain campaign

Campaign
First: 05.05.2026 12:04 Last: 05.05.2026 12:04 Sources 1

About this happening: The **APT37** campaign now delivers a new **Android** variant of **BirdCall** through **trojanized APKs** on **sqgame[.]net**, expanding the operation beyond its known **Windows**...

Mirax Android banking trojan with residential proxy nodes

Malware Activity
First: 13.04.2026 17:30 Last: 13.04.2026 17:30 Sources 1

About this happening: Mirax is spreading across **Europe** with **remote access** and **residential proxy** features, increasing the risk of device compromise, data theft, and traffic abuse. The Androi...

Android RAT campaign using Hugging Face dropper lure

Campaign
First: 16.02.2026 12:24 Last: 16.02.2026 12:24 Sources 1

About this happening: In recent weeks, a **live Android RAT campaign** has used **Hugging Face** to deliver malicious APKs through a fake-update lure. The operation starts with a dropper app, such as *...

Kimsuky QR-code spear-phishing campaign against think tanks and government entities

Campaign
First: 09.01.2026 07:46 Last: 09.01.2026 07:46 Sources 1

About this happening: The **FBI** warned that **Kimsuky (APT43)** is running a **QR-code spear-phishing campaign** that targets **think tanks, academic institutions, and U.S. and foreign government ent...

Timeline

  1. 11.11.2025 13:40 1 article · 6mo ago

    Psychological counselor KakaoTalk account compromise and remote reset

    Exploitation Observed

    Attackers compromised the KakaoTalk account of a psychological counselor supporting young North Korean defectors on Sept. 5, used Find Hub's location query, and executed a remote reset command on both an Android smartphone and a tablet, disrupting notification and message alerts and delaying detection and response.

  2. 11.11.2025 13:40 1 article · 6mo ago

    Separate KakaoTalk account used for en masse malware distribution

    Campaign Scope Update

    Ten days later on Sept. 15, attackers used a separate victim's KakaoTalk account to distribute malicious AutoIt scripts and modules, including LilithRAT and RemcosRAT, in a simultaneous wave that broadened the campaign's malware delivery through trusted contacts.

  3. 11.11.2025 13:40 2 articles · 6mo ago

    Genians attributes Konni's Android remote reset campaign

    Initial Disclosure

    Genians disclosed a Konni campaign, also tracked as APT37, TA406, and Thallium under the Kimsuky umbrella, that targeted Android users in South Korea with social engineering, Google Find Hub abuse, and KakaoTalk-based malware delivery. The researchers said the operation remotely reset devices and deleted personal data, and they released IoCs linked to the campaign.
