Beware of QR Codes – Quishing Attacks on the rise
The FBI has issued a sharp warning about a tactical shift by Kimsuky, the North Korea–linked cyberespionage group. Moving beyond traditional spear-phishing, the group is now using quishing (phishing via QR codes) to target government bodies, think tanks, and academic institutions. By embedding malicious QR codes in emails disguised as official documents or conference invitations, attackers bypass standard email security scanners and harvest credentials directly from victims’ mobile devices.
Relevance to the Enterprise
QR codes embedded as images often evade traditional email security gateways. Scanning a code shifts the attack surface from a managed corporate endpoint to a personal or unmanaged mobile device. Threat actors can bypass endpoint detection and steal session tokens, undermining multi-factor authentication.
The human firewall remains the most vulnerable layer in enterprise security. QR codes in emails should be treated with the same suspicion as unsolicited links or attachments. Security teams should prioritize phishing-resistant MFA such as FIDO2 hardware keys, which cannot be compromised by credential-harvesting sites.
Noteworthiness
Kimsuky’s adoption of quishing throughout mid-2025 highlights a sophisticated understanding of Western security gaps. The group is exploiting the disconnect between secure corporate networks and largely unmonitored mobile devices. This marks a shift from purely technical exploitation to hybrid social-technical attack strategies.

