South Korea-based counselor who specializes in psychological support hit by account takeover attack
Incident
Summary
The KakaoTalk account of a South Korea-based counselor was compromised on September 5, allowing an attacker to send a malicious file to an actual defector student. The file was disguised as a “stress relief program”, turning a trusted support channel into a delivery path. The incident matters because it combined account takeover with targeted social engineering against a vulnerable cohort.
Related Happenings
Finnish arrest and U.S. charges in Bouquet Scattered Spider case
Law Enforcement
First: 28.04.2026 18:39
Last: 28.04.2026 18:39
Sources 1
About this happening:
**Finnish law enforcement** arrested **Bouquet**, and **U.S. federal prosecutors** later charged him in a cross-border **Scattered Spider** cybercrime case. The charges include **...
Unnamed high-profile Lebanese journalist hit by network compromise
Incident
First: 09.04.2026 13:45
Last: 09.04.2026 13:45
Sources 1
About this happening:
An **unnamed high-profile Lebanese journalist** had an **Apple account** successfully compromised in **2025**, creating unauthorized access to a personal and professional identity...
ShinyHunters vishing campaign targeting SSO accounts
Campaign
First: 02.02.2026 15:46
Last: 02.02.2026 15:46
Sources 1
About this happening:
The **ShinyHunters** group ran a **voice phishing** campaign against **single sign-on (SSO) accounts** at **Okta, Microsoft, and Google**, widening risk across **more than 100 hig...
Latest development: 26.05.2026 22:46
ShinyHunters claims it breached Charter Communications on April 1 by vishing an employee's Microsoft Entra account, then used that access to export millions of consumer and business customer records from the company's Salesforce instance; Charter says no sensitive personal information or CPNI was exfiltrated.
Konni APT KakaoTalk spear-phishing campaign targeting Android users in South Korea
Campaign
First: 11.11.2025 13:40
Last: 11.11.2025 13:40
Sources 1
About this happening:
A **Konni APT** operation is using **spear-phishing** and **KakaoTalk** to compromise **Android users in South Korea**, enabling device compromise and malware spread. The multi-st...
Konni Android and Windows data-theft and remote-control campaign
Campaign
First: 10.11.2025 22:29
Last: 10.11.2025 22:29
Sources 1
About this happening:
The **Konni** operation was linked to a new **Android and Windows** campaign that blended **spear-phishing** with malware delivery to steal credentials and enable remote control....
Timeline
-
11.11.2025 02:46 2 articles · 6mo ago
KakaoTalk account takeover delivers malicious file to defector student
Initial Disclosure: A threat actor compromised the KakaoTalk account of a South Korea–based counselor who specializes in psychological support for North Korean defector youth and sent an actual defector student a malicious file disguised as a “stress relief program”.
- APT37 hackers abuse Google Find Hub in Android data-wiping attacks — www.bleepingcomputer.com — 11.11.2025 02:46
-
11.11.2025 02:46 1 articles · 6mo ago
Genians observes another KakaoTalk-based attack on a separate victim
Campaign Scope Update: Genians noticed another attack on a separate victim on September 15 using the same KakaoTalk-based method, showing the campaign continued beyond the initial counselor compromise and file-delivery lure.
- APT37 hackers abuse Google Find Hub in Android data-wiping attacks — www.bleepingcomputer.com — 11.11.2025 02:46
-
11.11.2025 02:46 1 articles · 6mo ago
Genians publishes Find Hub abuse analysis, IoCs, and protections
Technical Analysis Update: Genians' report described North Korean hackers abusing Google Find Hub to track victims' GPS locations and remotely reset Android devices, and it added technical analysis, IoCs, and guidance to protect Google accounts with multi-factor authentication and quick recovery-account access.
- APT37 hackers abuse Google Find Hub in Android data-wiping attacks — www.bleepingcomputer.com — 11.11.2025 02:46