South Korea-based counselor who specializes in psychological support hit by account takeover attack
Incident
Summary
The KakaoTalk account of a South Korea-based counselor was compromised on September 5, allowing an attacker to send a malicious file to an actual defector student. The file was disguised as a “stress relief program”, turning a trusted support channel into a delivery path. The incident matters because it combined account takeover with targeted social engineering against a vulnerable cohort.
Related Happenings
Instagram accounts for Obama White House hit by account takeover attack
Incident
H score: 40
First: 01.06.2026 20:32
Last: 01.06.2026 20:32
Sources: 1
About this happening:
The **Instagram** accounts for the **Obama White House** and the **Chief Master Sergeant of the U.S. Space Force** were briefly **defaced** after attackers abused **Meta’s AI supp...
Finnish arrest and U.S. charges in Bouquet Scattered Spider case
Law Enforcement
H score: 45
First: 28.04.2026 18:39
Last: 28.04.2026 18:39
Sources: 1
About this happening:
**Finnish law enforcement** arrested **Bouquet**, and **U.S. federal prosecutors** later charged him in a cross-border **Scattered Spider** cybercrime case. The charges include **...
Unnamed high-profile Lebanese journalist hit by network compromise
Incident
H score: 10
First: 09.04.2026 13:45
Last: 09.04.2026 13:45
Sources: 1
About this happening:
An **unnamed high-profile Lebanese journalist** had an **Apple account** successfully compromised in **2025**, creating unauthorized access to a personal and professional identity...
ShinyHunters vishing campaign targeting SSO accounts
Campaign
H score: 84
First: 02.02.2026 15:46
Last: 02.02.2026 15:46
Sources: 1
About this happening:
The **ShinyHunters** group ran a **voice phishing** campaign against **single sign-on (SSO) accounts** at **Okta, Microsoft, and Google**, widening risk across **more than 100 hig...
Latest development: 26.05.2026 22:46
ShinyHunters claims it breached Charter Communications on April 1 by vishing an employee's Microsoft Entra account, then used that access to export millions of consumer and business customer records from the company's Salesforce instance; Charter says no sensitive personal information or CPNI was exfiltrated.
Konni APT KakaoTalk spear-phishing campaign targeting Android users in South Korea
Campaign
H score: 38
First: 11.11.2025 13:40
Last: 11.11.2025 13:40
Sources: 1
About this happening:
A **Konni APT** operation is using **spear-phishing** and **KakaoTalk** to compromise **Android users in South Korea**, enabling device compromise and malware spread. The multi-st...
Timeline
- 11.11.2025 02:46 · 2 articles · 7mo ago
KakaoTalk account takeover delivers malicious file to defector student
Initial Disclosure: A threat actor compromised the KakaoTalk account of a South Korea–based counselor who specializes in psychological support for North Korean defector youth and sent an actual defector student a malicious file disguised as a “stress relief program”.
Sources:
- APT37 hackers abuse Google Find Hub in Android data-wiping attacks — www.bleepingcomputer.com — 11.11.2025 02:46
- 11.11.2025 02:46 · 1 article · 7mo ago
Genians observes another KakaoTalk-based attack on a separate victim
Campaign Scope Update: Genians noticed another attack on a separate victim on September 15 using the same KakaoTalk-based method, showing the campaign continued beyond the initial counselor compromise and file-delivery lure.
Sources:
- APT37 hackers abuse Google Find Hub in Android data-wiping attacks — www.bleepingcomputer.com — 11.11.2025 02:46
- 11.11.2025 02:46 · 1 article · 7mo ago
Genians publishes Find Hub abuse analysis, IoCs, and protections
Technical Analysis Update: Genians' report described North Korean hackers abusing Google Find Hub to track victims' GPS locations and remotely reset Android devices, and it added technical analysis, IoCs, and guidance to protect Google accounts with multi-factor authentication and quick recovery-account access.
Sources:
- APT37 hackers abuse Google Find Hub in Android data-wiping attacks — www.bleepingcomputer.com — 11.11.2025 02:46