North Korean hackers using malicious QR codes in spear phishing, FBI warns

• North Korean group Kimsuky is using QR code phishing to steal credentials
• Attacks bypass MFA via session token theft, exploiting unmanaged mobile devices outside EDR protections
• FBI urges multi-layered defense: employee training, QR reporting protocols, and mobile device management

North Koreans are targeting US government institutions, think tanks, and academia with highly sophisticated QR code phishing, or 'quishing' attacks, going for their Microsoft 365, Okta, or VPN credentials.

This is according to the Federal Bureau of Investigation (FBI) which recently published a new Flash report, warning both domestic and international partners about the ongoing campaign.

In the report, it said that a threat actor known as Kimsuky is sending out convincing email lures, containing images with QR codes. Since the images are more difficult to scan and deem malicious, the emails bypass protections more easily and land in people’s inboxes.