Hey everyone, recently I found some interesting info in an FBI report about a North Korean group called Kimsuky. It seems they are using QR codes in phishing emails to try and steal login credentials from US government institutions, think tanks, and academic organizations. The emails reportedly look quite convincing, and since QR codes are harder for normal protections to detect, they can bypass some standard security measures.
From what I understand, when someone scans these QR codes, they get redirected through multiple pages that collect info like device type, location, and other identifiers before reaching a fake login portal for services like Microsoft 365, Okta, or VPNs. The report mentions that this can even bypass multi-factor authentication, which surprised me a bit because MFA is usually a strong layer of defense.
The FBI suggests a “multi-layered” defense, like employee training, protocols for reporting suspicious QR codes, and mobile device management for analyzing these links. I’m curious if any of you have heard about Kimsuky’s activity before or seen similar attacks in other contexts. It makes me wonder how widespread these QR-based phishing attacks really are, especially for organizations outside the usual corporate setup. Also, are there particular signs we could look for when scanning QR codes to avoid falling into traps like these?
Just wanted to start a conversation to see what others think. The report is publicly available and seems to be based on solid observations, but the whole quishing technique seems pretty sneaky and not something most people would anticipate.