Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Career Intelligence
    • Cyber Tactics
    • Cybersecurity Education & Training
    • Leadership & Management
    • Security Talk
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Interactive Spotlight
    • Photo Galleries
    • Podcasts
    • Polls
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecuritySecurity NewswireCybersecurity News

Security Leaders Discuss FBI Warning: North Korea Exploiting QR Codes

By Jordyn Alger, Managing Editor
Chipped warning sign
Markus Spiske via Unsplash
January 13, 2026

The Federal Bureau of Investigation (FBI) published an alert on Jan. 8, related to evolving cyber techniques leveraged by North Korea. Specifically, these tactics were deployed by a state-sponsored threat group known as Kimsuky. 

According to the alert, Kimsuky is targeting entities with malicious QR codes in a spearphishing campaign, also referred to as quishing. 

“Quishing represents an emerging threat vector that exploits the inherent trust users place in QR codes, which obfuscate the destination,” explains Krishna Vishnubhotla, Vice President, Product Strategy at Zimperium. “Attackers place malicious QR codes in high-traffic areas, often disguised as legitimate promotional materials or utility services. Physical mail containing QR codes purporting to be from legitimate services, particularly effective for package delivery and financial service scams. While QR codes represent a small percentage, their unique evasion capabilities and growing adoption rates make them vectors with huge latent potential.” 

Kimsuky was identified utilizing malicious QR codes throughout May and June of 2025, targeting think tank workers in multiple instances.  

“The FBI advisory highlights why QR-code phishing is such an effective bypass,” Vishnubhotla asserts. “It shifts the attack onto mobile devices, where traditional email and network defenses have limited visibility. This reflects a clear mobile-first attack strategy, with groups like Kimsuky exploiting trusted QR-code workflows to drive mobile-targeted phishing, or mishing. Once scanned, users are redirected to attacker-controlled pages with little opportunity for interception. The FBI is calling this out because it signals a broader shift toward quieter, socially engineered mobile attacks that evade perimeter-based security.” 

The published FBI alert provides recommendations for mitigation, particularly for “NGOs, think tanks, academia, and other foreign policy experts with a nexus to North Korea.” 

Recommendations include, but are not limited to: 

  • Educate employees through security training programs 
  • Confirm QR code sources via secondary means (for instance, contacting the sender directly) 
  • Implement clear processes for reporting phishing attempts 
  • Utilize endpoint security solutions or mobile device management (MDM) solutions 
  • Patch known vulnerabilities

“The shift toward mobile-targeted phishing attacks is a clear signal that organizations must rethink their security strategies in the age of hybrid and remote work with employees using a variety of devices,” says Darren Guccione, CEO and Co-Founder at Keeper Security. “Attackers are increasingly exploiting mobile-first communication channels — SMS, QR codes and mobile-optimized phishing sites — to bypass traditional email security controls. The rise in device-aware phishing campaigns, where malicious content is only served to mobile users, makes detection even more challenging.

“To counter this, organizations need a comprehensive security approach that extends beyond desktop protections. This includes mobile threat defense, phishing-resistant MFA, clear Bring Your Own Device (BYOD) policies and a strong password management strategy to mitigate credential-based attacks. Security teams must also prioritize user education, ensuring employees recognize mobile-specific threats, such as smishing and quishing. With mobile phishing attacks on the rise, organizations that proactively secure their mobile environments will significantly reduce their overall risk exposure.”

KEYWORDS: FBI nation-state security QR codes threat intelligence

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Jordynalger

Jordyn Alger is the managing editor for Security magazine. Alger writes for topics such as physical security and cyber security and publishes online news stories about leaders in the security industry. She is also responsible for multimedia content and social media posts. Alger graduated in 2021 with a BA in English – Specialization in Writing from the University of Michigan. Image courtesy of Alger

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Cyber tech background

    Security’s Top Cybersecurity Leaders 2026

    Security magazine’s Top Cybersecurity Leaders 2026 award...
    Top Cybersecurity Leaders
  • Iintegration and use of emerging tools

    Future Proof Your Security Career with AI Skills

    AI’s evolution demands security leaders master...
    Columns
    By: Jerry J. Brennan and Joanne R. Pollock
  • The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report surveys enterprise...
    The Security Benchmark Report
    By: Rachelle Blair-Frasier
Manage My Account
  • Security Newsletter
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

Hand reaching up out of the ocean

What I Learned About Burnout the Hard Way (and How to Actually Fix it)

Broken wet floor sign

Why Response Time Is Becoming the Missing Metric in Workplace Safety and Security

Paparazzi

When Private Events Become Public Infrastructure: What Celebrity OSINT Teaches Security Leaders

Cyber Tactics

AIBOMs: Bringing AI Security Out of the Shadows, A Practical Guide for Security Professionals

Medical professional

Nearly 85% of Nurses Experienced Workplace Violence in the Last Year

Kaseware sponsored webinar
Schneider Electric sponsored webinar

Events

August 25, 2026

Critical Infrastructure Security Is National Security: Protecting Essential Operations in an Era of Escalating Risk

LIVE: August 25, 2026 at 2 PM EDT Learn why critical infrastructure security has become a national security imperative, and the strategies organizations can adopt to improve visibility, collaboration, and response across their security operations.

August 27, 2026

Leveraging AI & Mobility to Advance Your Security Domain

LIVE: August 27, 2026 at 2 PM EDT Explore how AI-driven cloud security solutions can elevate your security domain enhancing threat detection, streamlining operations, and delivering the resilience modern organizations demand.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products


Alertmedia sponsored webinar

Related Articles

  • Pink neon lights

    Warning issued for 10-year-old vulnerability, security leaders discuss

    See More
  • Broken glass

    Security leaders discuss the new vulnerability added to CISA’s catalog

    See More
  • Colorful laptop

    Security leaders discuss botnet attack against Microsoft 365 accounts

    See More

Events

View AllSubmit An Event
  • July 8, 2026

    The 2026 Security Maturity Benchmark Report: Insights From Senior Security Leaders

    ON DEMAND: In this webinar, speakers will share key insights from the 2026 Security Maturity Benchmark Report, including why today’s threat environment demands greater maturity and how to evaluate your organization’s current security posture.
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • Newsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2026. All Rights Reserved BNP Media, Inc. and BNP Media II, LLC.

Design, CMS, Hosting & Web Development :: ePublishing