

Ethical Hacking News

FBI Warns of North Korean Hackers Using Malicious QR Codes in Spear-Phishing Campaigns


The U.S. Federal Bureau of Investigation (FBI) has issued a warning about North Korean hackers using malicious QR codes in spear-phishing campaigns targeting entities in the United States and abroad. The FBI is urging organizations to be vigilant and take proactive measures to prevent such attacks, which can bypass traditional defenses and establish persistence within an organization.

  • The FBI has warned entities in the US about malicious QR codes used by North Korean state-sponsored threat actors in spear-phishing campaigns.
  • Kimsuky, a group affiliated with North Korea's Reconnaissance General Bureau (RGB), has been linked to numerous spear-phishing campaigns targeting think tanks and government entities.
  • The group uses malicious QR codes to spoof foreign advisors, embassy employees, and others, luring victims into scanning the code to access a questionnaire or download malware.
  • The use of QR codes in phishing attacks allows threat actors to bypass traditional defenses and establish persistence within organizations.
  • The FBI notes that quishing operations often result in session token theft and replay, enabling attackers to hijack cloud identities without triggering MFA alerts.


    The U.S. Federal Bureau of Investigation (FBI) has issued a warning to entities in the country about the use of malicious QR codes by North Korean state-sponsored threat actors in spear-phishing campaigns. The FBI released an advisory in January 2026, highlighting the growing threat of Kimsuky, a group assessed to be affiliated with North Korea's Reconnaissance General Bureau (RGB).

    Kimsuky has been linked to numerous spear-phishing campaigns targeting think tanks, academic institutions, and government entities in the United States and abroad. The group has been known to exploit vulnerabilities in email authentication protocols, including Domain-based Message Authentication, Reporting, and Conformance (DMARC) record policies.

    The FBI observed Kimsuky actors utilizing malicious QR codes as part of targeted phishing efforts several times in May and June 2025. These QR code campaigns were used to spoof foreign advisors, embassy employees, and even think tank employees, luring victims into scanning the QR code to access a questionnaire or download malware. The attackers also sent emails to strategic advisory firms inviting them to a non-existent conference, using a fake login page to harvest their Google account credentials.

    The use of QR codes in phishing attacks is a tactic that forces victims to shift from a machine secured by enterprise policies to a mobile device that may not offer the same level of protection. This allows threat actors to bypass traditional defenses and establish persistence within the organization, enabling them to hijack cloud identities without triggering typical "MFA failed" alerts.

    The FBI noted that quishing operations frequently end with session token theft and replay, allowing attackers to bypass multi-factor authentication and hijack cloud identities. This is considered a high-confidence, MFA-resilient identity intrusion vector in enterprise environments.
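As an added example (not from the FBI advisory or the original article): because a replayed session token produces no MFA failure, one detection approach is to compare every later request on a session with the client that completed the MFA-backed login. The event tuples, field names, action names and severity labels below are constructed assumptions, not a vendor log schema.

```python
# Constructed sign-in/activity events (timestamp, user, session id, source IP,
# client, action). Field layout is an assumption for this example; the IPs come
# from documentation ranges and the accounts are fictional.
EVENTS = [
    ("2025-06-02T09:00:12", "a.lee@example.org", "sess-1001", "198.51.100.10", "iPhone Safari", "login_mfa_ok"),
    ("2025-06-02T09:04:40", "a.lee@example.org", "sess-1001", "198.51.100.10", "iPhone Safari", "mail_read"),
    ("2025-06-02T09:06:03", "a.lee@example.org", "sess-1001", "203.0.113.77", "Windows Chrome", "mail_read"),
    ("2025-06-02T09:07:15", "a.lee@example.org", "sess-1001", "203.0.113.77", "Windows Chrome", "file_list"),
    ("2025-06-02T10:00:00", "b.kim@example.org", "sess-2002", "192.0.2.5", "Android Chrome", "login_mfa_ok"),
    ("2025-06-02T10:30:00", "b.kim@example.org", "sess-2002", "192.0.2.99", "Android Chrome", "mail_read"),
]


def find_session_replay(events):
    """Flag sessions whose token is later presented by a different client.

    The first event of each session (the MFA-backed login) sets the baseline.
    A changed client string means another device holds the token: "high".
    A changed IP alone is common on mobile networks, so it is only "low".
    """
    baseline = {}   # session id -> (ip, client) seen at login
    reported = set()
    findings = []
    # ISO 8601 timestamps sort correctly as strings.
    for ts, user, sid, ip, client, action in sorted(events):
        if sid not in baseline:
            baseline[sid] = (ip, client)
            continue
        base_ip, base_client = baseline[sid]
        if client != base_client:
            severity = "high"
        elif ip != base_ip:
            severity = "low"
        else:
            continue
        key = (sid, ip, client)
        if key in reported:      # report each new client once per session
            continue
        reported.add(key)
        findings.append({"session": sid, "user": user, "severity": severity,
                         "first_seen": ts, "ip": ip, "client": client,
                         "action": action})
    return findings


if __name__ == "__main__":
    for finding in find_session_replay(EVENTS):
        print(finding)
```

A "high" finding is a candidate for revoking the session and forcing re-authentication; "low" findings are better suited to correlation with other signals than to alerting on their own.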

    The disclosure comes less than a month after ENKI revealed details of a QR code campaign conducted by Kimsuky to distribute a new variant of Android malware called DocSwap in phishing emails mimicking a Seoul-based logistics firm.

    Experts emphasize the importance of vigilance and proactive measures to prevent such attacks. Organizations must ensure that their employees are educated on the dangers of QR codes and how to identify potential phishing attempts. Implementing robust security measures, such as endpoint detection and response (EDR) and network inspection, can also help mitigate the risk of quishing operations.

    The FBI's warning serves as a reminder of the evolving threat landscape in the cybersecurity world. As threat actors continue to adapt and innovate, it is essential for organizations to stay vigilant and invest in robust security measures to protect against such threats.

    Related Information:
  • https://www.ethicalhackingnews.com/articles/FBI-Warns-of-North-Korean-Hackers-Using-Malicious-QR-Codes-in-Spear-Phishing-Campaigns-ehn.shtml

  • https://thehackernews.com/2026/01/fbi-warns-north-korean-hackers-using.html


  • Published: Fri Jan 9 00:56:15 2026 by llama3.2 3B Q4_K_M












