FBI warns North Korean hackers using malicious QR codes

FBI warns North Korean hackers using malicious QR codes in spear-phishing thehackernews.com/2026/01/f… The U.S. Federal Bureau of Investigation (FBI) on Thursday released an advisory warning of North Korean state-sponsored threat actors leveraging malicious QR codes in spear-phishing campaigns targeting entities in the country. “As of 2025, Kimsuky actors have targeted think tanks, academic institutions, and both U.S. and foreign government entities with embedded malicious Quick Response (QR) codes in spear-phishing campaigns,” the FBI said in the flash alert. “This type of spear-phishing attack is referred to as quishing.” The use of QR codes for phishing forces victims to shift from a machine secured by enterprise policies to a mobile device that may not offer the same level of protection, effectively allowing threat actors to bypass traditional defences. Kimsuky, also tracked as APT43, Black Banshee, Emerald Sleet, Springtail, TA427, and Velvet Chollima, is a threat group assessed to be affiliated with North Korea’s Reconnaissance General Bureau (RGB). It has a long history of orchestrating spear-phishing campaigns designed to subvert email authentication protocols.