FBI: North Korean Spear-Phishing Attacks Use Malicious QR Codes

The North Korean state-sponsored espionage group Kimsuky has targeted government organizations, think tanks, and academic institutions.

The North Korean APT Kimsuky has been targeting government entities, academic institutions, and think tanks with spear-phishing emails containing malicious QR codes, the FBI warns.

Referred to as quishing, this type of attack involves phishing emails containing QR codes with embedded malicious URLs that force the victims to use a mobile device instead of their corporate computer.

The phishing technique results in the bypass of traditional email security controls, the FBI notes in a fresh alert (PDF).

“Quishing campaigns commonly deliver QR images as email attachments or embedded graphics, evading URL inspection, rewriting, and sandboxing,” the FBI says.

Once the victim scans the malicious QR code, they are redirected through attacker-controlled domains designed to collect device information such as user-agent, OS, screen size, IP address, and locale.

This information allows the attackers to serve ...