
"The use of QR codes for phishing is a tactic that forces victims to shift from a machine that's secured by enterprise policies to a mobile device that may not offer the same level of protection, effectively allowing threat actors to bypass traditional defenses. Kimsuky, also tracked as APT43, Black Banshee, Emerald Sleet, Springtail, TA427, and Velvet Chollima, is a threat group that's assessed to be affiliated with North Korea's Reconnaissance General Bureau (RGB)."
"It has a long history of orchestrating spear-phishing campaigns that are specifically designed to subvert email authentication protocols. In a bulletin released in May 2024, the U.S. government called out the hacking crew for exploiting improperly configured Domain-based Message Authentication, Reporting, and Conformance (DMARC) record policies"
An FBI advisory warned that North Korean-affiliated Kimsuky has embedded malicious QR codes in targeted spear-phishing (quishing) campaigns against think tanks, academic institutions, and U.S. and foreign government entities. Threat actors use QR codes to move victims from enterprise-secured machines to less-protected mobile devices, enabling bypass of traditional defenses. Kimsuky (also tracked as APT43, Black Banshee, Emerald Sleet, Springtail, TA427, Velvet Chollima) is assessed as affiliated with North Korea's Reconnaissance General Bureau and has a history of spear-phishing and subverting email authentication. The FBI observed multiple May–June 2025 incidents spoofing advisors and embassy staff with QR-linked questionnaires or claimed secure drives.
Read at The Hacker News