
"Left My Laptop On Out of Convenience"... 'Shocking' Warning Issued

Gemini generated image.

Many people leave their PCs on simply because they find it inconvenient to turn them off. However, warnings have been issued that this habit can lead to serious security threats. This comes as evidence has emerged that a North Korean-backed hacking group remotely controlled personal smartphones and PCs to launch cyberattacks that completely deleted key data such as photos, documents, and contacts. The hackers reportedly used the webcam attached to the PC to check whether the victim was away from home before carrying out the cyberattack.


North Korean Hacking Group Launches 'Blackout' Attacks... Taking Over Smartphones, PCs, and KakaoTalk

According to a threat analysis report released on November 11 by Genius Security Center, an information security company, a cyberattacker strongly suspected to be backed by North Korea went beyond stealing personal information and caused direct damage in the real world by targeting smartphones, tablets, and PCs.


According to the report, on September 5th, a hacker reset the smartphone of a domestic psychological counselor and used the hijacked KakaoTalk account to send malicious files disguised as a 'stress relief program' to many acquaintances.
On the 15th of the same month, an incident occurred where the Android smartphone of a North Korean human rights activist was reset, and malicious files were simultaneously distributed to 36 acquaintances through the hijacked KakaoTalk account.
The distribution of malware via KakaoTalk messages was analyzed as a typical social engineering-based hacking attack originating from North Korea, in which the malicious files appear to come from a trusted acquaintance.

Attacking Acquaintances Through Hijacked Accounts... "An Unprecedented Tactic"

This incident revealed an unprecedented attack method. After infiltrating the victim's smartphone and PC, the hacker remained dormant for an extended period, stealing credentials for Google and major domestic IT service accounts.


The hacker used Google’s location-based services on the smartphone to confirm when the victim was outside their home or office, and then remotely reset the smartphone using Google’s “Find My Device Hub” feature. At the same time, the hacker used PCs or tablets already infected with malware at the victim’s home or office to distribute malicious code disguised as a “stress relief program” to acquaintances.


Records of a North Korean-backed hacker hijacking a victim's KakaoTalk account and sending malicious files. Genius Security Center


When some acquaintances became suspicious of the malicious files and tried to verify their authenticity by calling or messaging, the victim’s smartphone was already in a “blackout” state, with push notifications, calls, and messages blocked due to the hack. This delayed the initial response and caused the damage to spread rapidly. The hacker also deleted key data such as photos, documents, and contacts from the victims’ smartphones, tablets, and PCs.


There is also evidence that the hackers used webcams and microphones installed on PCs. The malware included functions to control the webcam and microphone, raising the possibility that victims were monitored through infected webcams. If the webcam did not have an indicator light, it is believed that victims would not have realized their video was being recorded.


Accordingly, Genius Security Center advised users to minimize hacking damage by using webcams with indicator lights and physically covering the camera lens when not in use. They also emphasized enabling two-factor authentication for logins, avoiding automatic password saving in browsers, and making a habit of turning off computers when leaving the house to minimize the risk of both physical and remote attacks.
