The Federal Bureau of Investigation (FBI) has issued a serious warning about a new cyber-attack method being used by North Korean hackers. The alert was released through an official FLASH advisory to quickly inform organizations about the threat. According to the FBI, this campaign is active and targeted. The goal is to steal sensitive information and gain unauthorized access.
The attacks are being carried out by a North Korean state-sponsored hacking group known as Kimsuky. This group is known for cyber-espionage and intelligence gathering. In this campaign, they are mainly targeting think tanks, universities, NGOs, government bodies, and policy-related organizations. Both U.S. and international entities are affected.
Instead of using normal phishing links, the attackers are placing malicious QR codes inside spear-phishing emails. These emails look legitimate and are often well written. When the recipient scans the QR code using a mobile phone, they are redirected to a fake website controlled by the hackers. This technique is now commonly referred to as QR-code phishing or “quishing.”
Once the QR code is scanned, the malicious website first collects device-related details. This includes information like IP address, browser type, operating system, and screen size. After this, the victim is shown a fake login page that looks like a real service. These pages often imitate trusted platforms such as cloud services or email providers.
The main aim of these fake pages is to steal usernames, passwords, and authentication tokens. In some cases, attackers can capture session tokens that allow them to bypass multi-factor authentication. This means hackers can access accounts without triggering normal security alerts. As a result, even protected systems can be compromised.
The FBI highlighted several real incidents from mid-2025 to support its findings. In one case, hackers pretended to be a foreign advisor and sent a QR code for a fake questionnaire. In another, they posed as embassy staff offering access to a secure document. There was also a case involving a fake conference invitation.
A major concern with this attack method is that it uses mobile devices. Since QR codes are scanned on phones, the activity often happens outside corporate security systems. This helps attackers avoid email scanners and endpoint protection tools. It makes detection harder for security teams and increases the success rate of the attack.
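One way a mail gateway could compensate for the scanner gap described above, as an added example that is not taken from the FBI advisory or the original article: a triage pass that holds messages combining an image part with QR-lure wording so the image can be decoded and its URL checked before delivery. The lure phrases, the severity rule, the helper names and both sample messages are constructed assumptions; decoding the QR image itself needs an image library and is left to the downstream step.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
# Assumed lure phrases; tune against your own mail flow.
LURE_RE = re.compile(r"\bqr[\s-]?code\b|\bscan (?:the|this) code\b", re.I)

def triage(raw: bytes) -> dict:
    """Flag mail whose only 'link' may be hidden inside an image."""
    msg = message_from_bytes(raw, policy=policy.default)
    images, texts = 0, []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype.startswith("image/"):
            images += 1
        elif ctype in ("text/plain", "text/html"):
            texts.append(part.get_content())
    body = "\n".join(texts)
    urls = URL_RE.findall(body)
    lure = bool(LURE_RE.search(body))
    hold = images > 0 and lure          # image + lure text: decode before delivery
    severity = "none"
    if hold:
        # No textual URL at all means a URL scanner had nothing to inspect.
        severity = "medium" if urls else "high"
    return {"images": images, "urls": len(urls), "lure": lure,
            "hold_for_qr_decode": hold, "severity": severity}

def build(subject: str, body: str, image: bytes) -> bytes:
    """Construct a sample message (addresses are placeholders)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "sender@example.org", "rcpt@example.net", subject
    m.set_content(body)
    m.add_attachment(image, maintype="image", subtype="png", filename="image.png")
    return m.as_bytes()

# Constructed samples: PNG_STUB is a placeholder, not a real QR image.
PNG_STUB = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
QUISH = build("Questionnaire",
              "Please scan the QR code below with your phone to open the form.", PNG_STUB)
BENIGN = build("Newsletter",
               "Our newsletter is online at https://example.org/news (logo attached).", PNG_STUB)

if __name__ == "__main__":
    for name, raw in (("quish", QUISH), ("benign", BENIGN)):
        print(name, triage(raw))
```

A held message still has to be resolved by decoding the image and checking the embedded URL; the heuristic only decides which messages get that extra step.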
The FBI has advised people to be extremely cautious with QR codes, especially in unexpected emails. Users should always verify the sender before scanning any code. Organizations are urged to improve security training, use phishing-resistant authentication, and monitor accounts closely. Staying alert is the best defense against these evolving cyber threats.
Stay alert, and keep your security measures updated!