The FBI warns that North Korean hacker group Kimsuky is using malicious QR codes in spearphishing campaigns targeting U.S. organizations involved in North Korea-related policy and research. These attacks often bypass traditional security measures and can hijack cloud identities by stealing session tokens.
Key points
- Kimsuky, a North Korean state-backed hacker group, is using QR codes in spearphishing attacks.
- The targeted victims include think tanks, NGOs, academic institutions, and government agencies in the U.S.
- Attacks redirect victims to malicious sites that impersonate login pages in order to steal credentials.
- Threat actors exploit mobile devices and bypass email security with QR code-based operations.
- The FBI recommends employee training, QR source verification, mobile management, and MFA enforcement to mitigate risks.