The Federal Bureau of Investigation (FBI) warned that Kimsuky, a North Korea-backed hacking group, is using malicious QR codes (quishing) in attacks targeting major U.S. institutions.
The FBI said on the 8th that it had released a cyber intelligence bulletin stating that it had recently detected attempts by Kimsuky hackers to steal information from U.S.-based foreign policy experts on North Korea using "quishing" methods. According to the bulletin, Kimsuky mainly targeted organizations related to U.S. policy on North Korea, including nongovernmental organizations (NGOs), think tanks, and academic institutions.
"Quishing" refers to a hacking technique that embeds a malicious URL in a QR code. The FBI said Kimsuky inserted QR codes that linked to sites disguised as survey links or event registration pages for employees of these organizations. Several cases were reported in which the group attempted to steal sensitive information such as passwords, personal data, and fingerprints.
The FBI emphasized that companies and institutions should educate their employees that scanning unverified QR codes is risky. It also cited requiring the use of complex passwords as a countermeasure.
It also recommended deploying mobile security tools that can analyze the URLs that QR codes link to, using phishing-resistant multifactor authentication, logging and monitoring activity after QR code scans, and reviewing user access privileges.