FBI Warns: Kimsuky Hackers Use QR Codes to Breach Systems and Bypass Organizational MFA


19/69 Tuesday, January 13, 2026

The FBI has issued a warning about a new tactic used by the hacker group Kimsuky (also known as APT43), which is actively targeting government agencies and educational institutions. The group is using a technique known as quishing, that is, phishing via QR codes. In these attacks, hackers send spear-phishing emails containing QR code images that trick victims into scanning them. This approach forces victims to move from secured corporate computers to personal mobile devices to access malicious links, allowing attackers to bypass traditional email security controls.

From a technical perspective, the FBI explained that when a victim scans the QR code, they are redirected to an attacker-controlled domain designed to collect device information such as the operating system and IP address. The victim is then presented with a fake login page mimicking popular services like Microsoft 365, Okta, or mobile VPN portals. The primary goal is to steal session cookies, which can then be used in replay attacks, enabling attackers to access cloud services without triggering multi-factor authentication (MFA). Because the attack occurs on personal mobile devices outside the organization’s endpoint detection and response (EDR) coverage, it represents a particularly high-risk attack vector.
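One way to detect the session-cookie replay described above, as an added example that is not part of the FBI advisory or the original article: flag a session ID that reappears from both a new IP address and a new operating system without a fresh MFA event. The event schema, field names and sample records are assumptions constructed for illustration, not a real identity provider's log format.

```python
from collections import defaultdict

# Constructed sign-in events in a hypothetical, simplified schema.
# "mfa" is True only when that event itself included a satisfied MFA challenge.
SAMPLE_EVENTS = [
    {"ts": "2025-06-03T09:00:12Z", "user": "a.lee", "session": "s-1001", "ip": "198.51.100.24", "os": "iOS", "mfa": True},
    {"ts": "2025-06-03T09:04:40Z", "user": "a.lee", "session": "s-1001", "ip": "198.51.100.24", "os": "iOS", "mfa": False},
    {"ts": "2025-06-03T09:11:05Z", "user": "a.lee", "session": "s-1001", "ip": "203.0.113.77", "os": "Windows", "mfa": False},
    {"ts": "2025-06-03T10:30:00Z", "user": "b.kim", "session": "s-2002", "ip": "192.0.2.10", "os": "macOS", "mfa": True},
    {"ts": "2025-06-03T11:15:00Z", "user": "b.kim", "session": "s-2002", "ip": "192.0.2.55", "os": "macOS", "mfa": False},
    {"ts": "2025-06-03T12:00:00Z", "user": "c.park", "session": "s-3003", "ip": "192.0.2.90", "os": "Android", "mfa": True},
    {"ts": "2025-06-03T12:20:00Z", "user": "c.park", "session": "s-3003", "ip": "203.0.113.5", "os": "Linux", "mfa": True},
]


def find_replayed_sessions(events):
    """Return events where a session is reused from a new IP and a new OS without MFA."""
    by_session = defaultdict(list)
    for ev in events:
        by_session[ev["session"]].append(ev)

    alerts = []
    for evs in by_session.values():
        evs.sort(key=lambda e: e["ts"])  # ISO 8601 UTC strings sort chronologically
        known = {(evs[0]["ip"], evs[0]["os"])}  # first sighting is the baseline
        for ev in evs[1:]:
            new_ip = all(ip != ev["ip"] for ip, _ in known)
            new_os = all(o != ev["os"] for _, o in known)
            # Requiring both to change keeps ordinary mobile roaming (new IP,
            # same device) from alerting; a fresh MFA event re-establishes trust.
            if new_ip and new_os and not ev["mfa"]:
                alerts.append({k: ev[k] for k in ("ts", "user", "session", "ip", "os")})
            else:
                known.add((ev["ip"], ev["os"]))
    return alerts


if __name__ == "__main__":
    for alert in find_replayed_sessions(SAMPLE_EVENTS):
        print("possible session replay:", alert)
```
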

Investigations show that during May and June 2025, Kimsuky used this Quishing technique to target strategic consulting firms, impersonating embassy officials or foreign advisors and inviting victims to attend nonexistent conferences. Kimsuky has been active since 2012 and is primarily focused on cyber espionage targeting the United States, Japan, and South Korea, in support of North Korea’s weapons programs.

Source https://www.securityweek.com/fbi-north-korean-spear-phishing-attacks-use-malicious-qr-codes/