FBI warns of attacks by North Korean cyber threat group using malicious QR codes

The FBI Jan. 8 released an alert on evolving threat tactics by Kimsuky, a North Korean state-sponsored cyber threat group. As of last year, the group has targeted research organizations, academic institutions, and U.S. and foreign government entities by embedding malicious QR codes in spear-phishing campaigns, referred to as "quishing." The technique forces victims to use a mobile device to view the QR code, which could be received as an image, email attachment or embedded graphic that evades URL inspection. After scanning the malicious code, victims are routed through attacker-controlled redirectors that collect device and identity information for harvesting and use in additional malicious actions.

"Although it appears that Kimsuky threat actors are not targeting health care directly, this serves as a reminder that social engineering, email and text-based 'quishing' attacks from other hacking groups are increasingly targeting health care due its effectiveness and ability to evade common cybersecurity defensive measures," said John Riggi, AHA national advisor for cybersecurity and risk. "As we see an increase in the use of malicious QR code attacks, staff should be provided education on the dangers of scanning unsolicited QR codes at work, home and on their mobile devices."

For more information on this or other cyber and risk issues, contact Riggi at [email protected]. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity.