Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

FBI Warns North Korean Hackers Using Malicious QR Codes in Spear-Phishing

The Hacker News by The Hacker News
January 9, 2026
Home Cybersecurity
Share on FacebookShare on Twitter


Jan 09, 2026Ravie LakshmananMobile Security / Email Security

The U.S. Federal Bureau of Investigation (FBI) on Thursday released an advisory warning of North Korean state-sponsored threat actors leveraging malicious QR codes in spear-phishing campaigns targeting entities in the country.

“As of 2025, Kimsuky actors have targeted think tanks, academic institutions, and both U.S. and foreign government entities with embedded malicious Quick Response (QR) codes in spear-phishing campaigns,” the FBI said in the flash alert. “This type of spear-phishing attack is referred to as quishing.”

The use of QR codes for phishing is a tactic that forces victims to shift from a machine that’s secured by enterprise policies to a mobile device that may not offer the same level of protection, effectively allowing threat actors to bypass traditional defenses.

Cybersecurity

Kimsuky, also tracked as APT43, Black Banshee, Emerald Sleet, Springtail, TA427, and Velvet Chollima, is a threat group that’s assessed to be affiliated with North Korea’s Reconnaissance General Bureau (RGB). It has a long history of orchestrating spear-phishing campaigns that are specifically designed to subvert email authentication protocols.

In a bulletin released in May 2024, the U.S. government called out the hacking crew for exploiting improperly configured Domain-based Message Authentication, Reporting, and Conformance (DMARC) record policies to send emails that look like they’ve come from a legitimate domain.

The FBI said it observed the Kimsuky actors utilizing malicious QR codes as part of targeted phishing efforts several times in May and June 2025 –

  • Spoofing a foreign advisor in emails requesting insight from a think tank leader regarding recent developments on the Korean Peninsula by scanning a QR code to access a questionnaire
  • Spoofing an embassy employee in emails requesting input from a senior fellow at a think tank about North Korean human rights issues, along with a QR code that claimed to provide access to a secure drive
  • Spoofing a think tank employee in emails with a QR code that’s designed to take the victim to infrastructure under their control for follow-on activity
  • Sending emails to a strategic advisory firm, inviting them to a non-existent conference by urging the recipients to scan a QR code to redirect them to a registration landing page that’s designed to harvest their Google account credentials by using a fake login page
Cybersecurity

The disclosure comes less than a month after ENKI revealed details of a QR code campaign conducted by Kimsuky to distribute a new variant of Android malware called DocSwap in phishing emails mimicking a Seoul-based logistics firm.

“Quishing operations frequently end with session token theft and replay, enabling attackers to bypass multi-factor authentication and hijack cloud identities without triggering typical ‘MFA failed’ alerts,” the FBI said. “Adversaries then establish persistence in the organization [and propagate secondary spear-phishing from the compromised mailbox.”

“Because the compromise path originates on unmanaged mobile devices outside normal Endpoint Detection and Response (EDR) and network inspection boundaries, Quishing is now considered a high-confidence, MFA-resilient identity intrusion vector in enterprise environments.”



Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
Hopes rise for Chinese property support ahead of key March meeting

Hopes rise for Chinese property support ahead of key March meeting

Recommended.

Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks

Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks

March 24, 2026
Gansu advances industrial upgrade to bolster growth

Gansu advances industrial upgrade to bolster growth

March 10, 2026

Trending.

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

May 21, 2025
Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

April 23, 2025
MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

April 7, 2025
VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

September 11, 2025
Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

May 8, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio