The FBI warns about North Korean APT group Kimsuky using spear-phishing with malicious QR codes, known as quishing, to target government and research organizations. This method bypasses security controls, stealing data and hijacking cloud accounts, making it a high-threat vector in enterprise environments. #Kimsuky #quishing
Keypoints
- Kimsuky is a North Korean state-sponsored group focused on espionage activities.
- The threat employs QR codes embedded in emails to facilitate bypassing traditional security measures.
- Victimsβ mobile devices are redirected to attacker-controlled domains for data collection.
- Attackers use stolen credentials to access cloud services and conduct further phishing campaigns.
- The technique is considered MFA-resilient due to targeting unmanaged mobile devices outside corporate defenses.
Read More: https://www.securityweek.com/fbi-north-korean-spear-phishing-attacks-use-malicious-qr-codes/