Seoul: A North Korea-linked hacking group has launched a sophisticated cyberattack that remotely takes control of Android smartphones and personal computers (PCs) to wipe key data such as photos, documents, and contacts, according to a report released on Monday.
The group, believed to be associated with Pyongyang-backed threat actors Kimsuky or APT37, infiltrated victims’ devices using malware distributed via the popular South Korean messaging app KakaoTalk, the Genians Security Center (GSC) said in its report. The malware also stole account credentials for Google and other major domestic IT services.
Investigators found that the hackers used Google’s location-tracking features to confirm when victims were away from their homes or workplaces before remotely resetting their smartphones. The forced resets disrupted normal device functions, blocking notifications and messages, and effectively preventing users from realizing their devices had been compromised.
This process resulted in the complete deletion of critical data stored on infected devices, including personal files and contact information.
The report also revealed that attackers used infected PCs and tablets to spread additional malware disguised as “stress relief programs” to contacts of the original victims. In some cases, they allegedly used webcams on compromised computers to check whether victims were physically present, suggesting a level of real-time surveillance.
GSC described this attack method—combining device neutralization with account-based propagation—as “unprecedented” among known North Korean cyber operations.
“It demonstrates the attackers’ growing sophistication and advanced evasion strategies, marking a major turning point in APT (Advanced Persistent Threat) tactics,” the institute said.
The revelation comes days after renewed tensions on the Korean Peninsula. Last week, South Korea’s Defence Ministry strongly condemned North Korea’s suspected ballistic missile launch and urged Pyongyang to stop actions that heighten regional tensions.
The ministry expressed “deep regret” over the launch and North Korea’s criticism of joint South Korea-U.S. military drills. On Friday, North Korea fired a suspected short-range ballistic missile into the East Sea, a day after threatening “proper measures” against fresh U.S. sanctions.
