FBI: QR Codes Are New Cyber Threat Vector
10 Jan
Summary
- North Koreans exploit QR codes to phish US government entities.
- Attacks target Microsoft 365, Okta, and VPN credentials.
- Unmanaged mobile devices bypass standard security defenses.

The FBI has issued a critical warning regarding a new wave of sophisticated phishing attacks originating from North Korea. These "quishing" campaigns specifically target US government institutions, think tanks, and academic organizations, aiming to steal sensitive Microsoft 365, Okta, and VPN credentials. The threat actor, known as Kimsuky, uses email lures containing QR codes embedded in images, which are harder for traditional security systems to detect and block.
These attacks take advantage of a common weakness: people scan QR codes with personal mobile devices. Because these unmanaged devices often sit outside corporate endpoint detection and network inspection boundaries, they become prime targets. After scanning, victims pass through multiple redirects that gather identifying information before landing on fake credential-harvesting pages designed to mimic legitimate login portals.
The FBI emphasizes that these "quishing" attacks are highly effective and can defeat multi-factor authentication, often resulting in session token theft. This allows attackers to gain persistent access and even launch secondary attacks from compromised accounts. To combat this threat, the FBI recommends a multi-layered defense strategy, including enhanced employee training, clear reporting protocols for suspicious QR codes, and robust mobile device management solutions.
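Because the lure described above carries its link inside an image rather than in the message text, a mail-side check has to work from message structure instead of URLs. The following is an added example, not part of the FBI advisory or this article: a triage heuristic over a constructed sample message, where the function name, keyword list, 40-word threshold and two-reason rule are all assumptions, and the QR code itself is not decoded.

```python
import re
from email import message_from_string, policy

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
LURE_RE = re.compile(r"\b(qr code|scan (the|this)|authenticator|mfa|verify your (account|identity))\b", re.I)

# Constructed sample message (not from a real campaign): short lure text plus one image part.
SAMPLE = """\
From: it-support@example.test
Subject: Action required: MFA re-enrollment
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Scan the QR code below with your phone to keep access to your account.
--b1
Content-Type: image/png
Content-Transfer-Encoding: base64

iVBORw0KGgo=
--b1--
"""

def triage(raw_eml):
    """Return the heuristic reasons a message looks like an image-borne QR lure."""
    msg = message_from_string(raw_eml, policy=policy.default)
    text, images = [], 0
    for part in msg.walk():
        if part.get_content_maintype() == "image":
            images += 1
        elif part.get_content_type() in ("text/plain", "text/html"):
            text.append(part.get_content())
    body = "\n".join(text)
    visible = re.sub(r"<[^>]+>", " ", body)  # crude tag strip for HTML parts
    reasons = []
    if images and not URL_RE.search(body):
        reasons.append("image present but no URL in the text for a gateway to inspect")
    if images and LURE_RE.search(visible):
        reasons.append("text asks the reader to scan a code or re-verify sign-in")
    if images and len(visible.split()) < 40:  # assumed threshold
        reasons.append("very little text around the image")
    # Assumed policy: two or more reasons sends the message to manual review.
    return {"images": images, "reasons": reasons, "hold_for_review": len(reasons) >= 2}
```

A message held by this check still needs an analyst or an image decoder to confirm that the picture is a QR code and where it points.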




