FBI Warns North Korean Hackers Using QR‑Code Phishing for U.S. Espionage
The FBI has issued a public warning that a North Korean government‑sponsored hacking group known as Kimsuky is conducting targeted cyber‑espionage campaigns against U.S. individuals using QR‑code phishing, or "quishing." According to the bureau, the group has been emailing highly tailored messages with QR codes since May 2025. The codes redirect victims to malicious sites designed to steal credentials for services such as Okta, Microsoft 365 and VPNs, install malware or quietly collect device data like IP address and location. In one cited case, attackers posed as a foreign‑policy adviser and sent a think‑tank leader a QR code linking to a fake questionnaire, turning a seemingly routine request into an intelligence‑gathering operation. The FBI stresses that the codes themselves are not dangerous but hide malicious links, and that the campaigns are spear‑phishing rather than mass spam, focusing on policy, technology and research professionals. The alert comes as QR codes have become ubiquitous in U.S. daily life, raising concern that this familiar convenience is now a favored vector for state‑backed spying.
📌 Key Facts
- The FBI says North Korean state‑backed group Kimsuky is using QR‑code phishing to target people in the United States.
- QR‑code attacks reportedly began in May 2025 and include messages from attackers posing as foreign‑policy advisers and sending fake questionnaires.
- Malicious QR links lead to credential‑harvesting pages for services like Okta and Microsoft 365, malware downloads or sites that collect detailed device and location data.