A related component of the Konni APT campaign (November 2025 activity referenced in SCC-CAM-2026-0036) abused stolen Google credentials to issue remote wipe commands against Android devices via Google’s Find My Device functionality. No CVE applies; this is credential-driven abuse of a legitimate platform feature. Organizations should force re-authentication and audit active sessions for any Google accounts belonging to users who may have been targeted, and review Google account security activity for unauthorized Find My Device access.