North Korea Hackers Wipe Data Remotely from Devices

A North Korea-linked hacking group has launched a new cyberattack that lets it remotely control and erase data from Android smartphones and personal computers. This tactic, uncovered in South Korea, involves malware spread through popular apps like KakaoTalk, targeting users and stealing sensitive information before wiping devices clean.

The attacks started showing up in September 2025, with hackers impersonating trusted contacts to distribute harmful files. Victims include psychological counselors and human rights activists focused on North Korea issues. By using stolen Google accounts and location tracking, the group resets devices when owners are away, then spreads the malware further through compromised contacts.

How the Hackers Pull Off Remote Data Wipes

This hacking method stands out for its clever mix of social tricks and tech exploits. Attackers first infect devices with malware disguised as helpful programs, like a stress relief app. Once inside, they stay hidden for weeks or months, quietly grabbing login details for services such as Google, KakaoTalk, and Naver.

With this access, hackers track device locations using Google’s Find My Device feature. They wait until the victim leaves home or work, then remotely reset the smartphone to factory settings. This erases photos, documents, contacts, and other key data without the owner noticing right away.

At the same time, the group uses other infected devices, like home PCs or tablets, to send malware to the victim’s friends and colleagues. They block incoming calls and messages on the hacked phone, so victims cannot warn others quickly. This delay helps the attack spread fast.

Investigators found the malware even taps into webcams and microphones on PCs. This lets hackers spy to confirm when victims are absent, adding a creepy surveillance layer to the operation.
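The sequence described above (sign-in from a device the owner has never used, location lookups, then a remote erase) can be caught by correlating account activity. The sketch below is an added example, not code from the investigators or from Google; the event schema, device names and accounts are constructed for illustration and do not match any vendor's log format.

```python
from datetime import datetime, timedelta

# Constructed events in a hypothetical normalized schema (not a vendor log format).
# The last field is the session that issued the action, not the phone acted on.
EVENTS = [
    ("2025-01-10T08:02", "alice@example.com", "signin", "alice-phone"),
    ("2025-01-10T09:10", "alice@example.com", "signin", "unseen-pc"),
    ("2025-01-10T09:12", "alice@example.com", "locate_device", "unseen-pc"),
    ("2025-01-10T09:40", "alice@example.com", "locate_device", "unseen-pc"),
    ("2025-01-10T09:41", "alice@example.com", "erase_device", "unseen-pc"),
    ("2025-01-11T14:00", "bob@example.com", "signin", "bob-laptop"),
    ("2025-01-11T14:05", "bob@example.com", "erase_device", "bob-laptop"),
]
# Devices each owner is already known to use (assumed to come from an inventory).
KNOWN_DEVICES = {"alice@example.com": {"alice-phone"},
                 "bob@example.com": {"bob-laptop"}}

def find_suspicious_wipes(events, known_devices, window=timedelta(hours=24)):
    """Flag erase commands issued from a device the account has not used
    before, within `window` of that device's first sign-in."""
    first_seen = {}  # (account, device) -> first sign-in from an unfamiliar device
    locates = {}     # (account, device) -> times of locate requests from it
    alerts = []
    for ts, account, kind, device in sorted(events):  # ISO strings sort by time
        when = datetime.fromisoformat(ts)
        key = (account, device)
        if device in known_devices.get(account, set()):
            continue  # action came from a device the owner already uses
        if kind == "signin":
            first_seen.setdefault(key, when)
        elif kind == "locate_device":
            locates.setdefault(key, []).append(when)
        elif kind == "erase_device":
            start = first_seen.get(key)
            # An erase with no recorded sign-in is also unexplained, so flag it.
            if start is None or when - start <= window:
                recent = [t for t in locates.get(key, []) if when - t <= window]
                alerts.append({"account": account, "device": device,
                               "erased_at": when, "locates_before": len(recent)})
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious_wipes(EVENTS, KNOWN_DEVICES):
        print(alert)
```

Only the erase issued from `unseen-pc` is flagged; the owner-initiated erase from a known laptop is not.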

Who the Hackers Target and the Real-World Impact

The main victims so far are in South Korea, including professionals in mental health and activists working on North Korean human rights. One case involved a counselor whose phone got reset on September 5, 2025, leading to malware sent to their contacts. Ten days later, an activist’s device faced the same fate, infecting 36 acquaintances.

These attacks cause more than just data loss. Victims lose personal memories in photos and important work files. The emotional toll is high, especially for those already dealing with sensitive topics like defectors from North Korea.

Broader effects ripple out. Secondary victims who click the malicious files end up hacked too, creating a chain reaction. Cybersecurity experts say this could hit businesses or government workers next, stealing trade secrets or disrupting operations.

Here is a quick look at the attack timeline based on reported incidents:

| Date | Event | Details |
|------|-------|---------|
| September 5, 2025 | First known reset | Counselor’s smartphone wiped; malware sent via KakaoTalk |
| September 15, 2025 | Activist targeted | Device reset; malware distributed to 36 contacts |
| October 2025 onward | Ongoing analysis | Security firms detect dormant malware and webcam use |

This table shows how quickly the attacks escalated in just days.

The Group Behind the Attacks: North Korea Links

Experts point to groups like Kimsuky or APT37, known for ties to North Korea’s government. These hackers have a history of cyber operations to fund the regime or gather intelligence.

In 2025 alone, North Korea-linked cybercriminals have stolen over $2 billion in cryptocurrency through other hacks. This new tactic fits their pattern of evolving methods, from ransomware to AI-boosted scams. Past attacks hit defense firms and crypto exchanges, showing their growing skills.

South Korean police and cybersecurity teams, like Genians Security Center, uncovered these details through threat analysis. They note this is the first time hackers combined remote resets with account theft for data wipes.

Global watchdogs, including the FBI, have warned about North Korean hackers for years. Recent reports from 2025 highlight their use of fake IDs and AI to trick victims, making defenses harder.

Why This Attack Is a Game-Changer in Cyber Threats

What makes this hack unique is the “unprecedented” blend of techniques, as described by analysts. Unlike typical viruses that just steal data, this one neutralizes devices and uses them to infect others seamlessly.

It exploits everyday tools like location services and messaging apps, turning trust into a weakness. Social engineering plays a big role, where hackers pose as friends to lure clicks on bad files.

Compared to earlier North Korean hacks, like the 2014 Sony Pictures breach or recent crypto thefts, this focuses on personal disruption. It raises alarms for critical sectors, though no attacks on infrastructure like power grids have been linked yet.

The rise in such threats ties into broader trends. Hacking attempts on South Korean agencies jumped over five times in recent years, per government data. With North Korea ramping up cyber efforts amid economic pressures, experts predict more innovative attacks in 2026.

Steps to Protect Yourself from Similar Hacks

Staying safe requires smart habits and tools. First, always verify unexpected files or links, even from known contacts, by calling them directly.

Update your devices and apps regularly to patch security holes. Use strong, unique passwords and enable two-factor authentication on accounts like Google and KakaoTalk.

Here are key prevention tips:

  • Install reputable antivirus software that scans for malware in real time.
  • Avoid clicking links in messages; download apps only from official stores.
  • Turn off location sharing unless needed, and review app permissions often.
  • Back up important data to the cloud or external drives weekly.

If you suspect a hack, change your passwords immediately and report it to the authorities. For Android users, Google’s Find My Device can help locate lost phones, but secure it with a strong PIN.

Global Response and What Comes Next

Nations are stepping up against these threats. South Korea has boosted cybersecurity funding, and international groups share intel on North Korean tactics. In 2025, joint efforts exposed hacks on crypto platforms, leading to some asset recoveries.

Still, challenges remain. North Korea evades sanctions through cyber means, funding weapons programs. Experts call for better global cooperation to track and block these groups.

As this story develops, it highlights the need for vigilance in our connected world.
