FBI Exposes North Korean Hackers Using QR Codes to Infiltrate U.S. Policy Groups


Published:
2026-01-09 18:45:13

FBI warns North Korean hackers are using QR codes to breach U.S. policy groups

Scanning for trouble: North Korean state-sponsored hackers are weaponizing QR codes to breach American think tanks and policy organizations. The FBI's latest advisory reveals a sophisticated phishing campaign that bypasses traditional email defenses—turning everyday barcodes into digital backdoors.

The QR Code Con

Forget malicious attachments. These operatives embed QR codes in seemingly legitimate emails. One quick scan redirects targets to fake login pages—harvesting credentials before victims realize they've been duped. It's social engineering with a 21st-century twist.

Why Policy Groups?

Think tanks and research organizations hold sensitive geopolitical intelligence, draft legislation analysis, and maintain networks with government officials. Compromising these groups offers Pyongyang a direct line to U.S. strategic thinking—and potential leverage in negotiations.

The Cybersecurity Arms Race

This campaign highlights a brutal truth: attack vectors evolve faster than defense protocols. As organizations harden email security, adversaries pivot to exploiting mobile device trust. The playbook keeps changing, and the cost of catching up keeps rising—almost like those transaction fees on legacy blockchains during peak congestion.

Zero Trust Isn't Optional

The advisory mandates a fundamental shift: verify everything, trust nothing. Employee training must now include QR code risks. Network segmentation becomes critical to limit lateral movement. Multi-factor authentication moves from recommended to non-negotiable.

Geopolitics in Binary

This isn't just cybercrime—it's statecraft by other means. Each breached think tank represents an intelligence goldmine, potentially swaying policy debates or revealing diplomatic vulnerabilities. The digital front in geopolitical conflict just got another weapon.

The bottom line? Your smartphone camera just became a potential attack surface. In an era where convenience battles security, sometimes the most dangerous thing you can scan isn't a price tag—it's someone else's agenda.

Kimsuky APT sends QR-based emails to policy and research targets

The FBI says Kimsuky APT used several themed emails in 2025. Each one matched the target’s job and interests. In May, attackers posed as a foreign advisor. They emailed a think tank leader asking for views on recent events on the Korean Peninsula. The email included a QR code that claimed to open a questionnaire.

Later in May, the group posed as an embassy worker. That email went to a senior fellow at a think tank. It asked for input on North Korean human rights. The QR code claimed to unlock a secure drive. That same month, another email pretended to come from a think tank employee. Scanning its QR code sent the victim to Kimsuky APT infrastructure built for malicious activity.

In June 2025, the FBI says the group targeted a strategic advisory firm. The email invited staff to a conference that did not exist. A QR code sent users to a registration page. A register button then pushed visitors to a fake Google login page. That page collected usernames and passwords. The FBI tied this step to credential harvesting activity tracked as T1056.003.

QR scans lead to token theft and account takeover

“Quishing operations frequently end with session token theft and replay [T1550.004], enabling attackers to bypass multi-factor authentication [T1550.004] and hijack cloud identities without triggering typical ‘MFA failed’ alerts,” said the FBI.

The FBI says many of these attacks end with session token theft and replay. This allows attackers to bypass multi-factor authentication without triggering alerts. Accounts are taken over quietly. After that, attackers change settings, add access, and keep control. The FBI says compromised mailboxes are then used to send more spearphishing emails inside the same organization.
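Because a replayed session token never fails MFA, the detection has to watch where an already-authenticated token is being used rather than wait for an "MFA failed" alert. The following is an added example, not code from the FBI advisory or the article: it runs over constructed sign-in events (field names, event types and the session/client model are assumptions) and flags a session whose token shows up from a second client that never completed MFA in that session, then records the post-takeover settings changes the article describes.

```python
from collections import defaultdict

def ev(ts, user, session, ip, ua, event):
    """Build one constructed sign-in/activity event (assumed schema)."""
    return {"ts": ts, "user": user, "session": session, "ip": ip, "ua": ua, "event": event}

# Constructed sample telemetry: session S1 is hijacked, S2 is clean.
SAMPLE_EVENTS = [
    ev("2025-06-03T09:00:05", "fellow@example.org", "S1", "203.0.113.10", "Chrome/125 Windows", "mfa_success"),
    ev("2025-06-03T09:00:06", "fellow@example.org", "S1", "203.0.113.10", "Chrome/125 Windows", "resource_access"),
    ev("2025-06-03T09:12:40", "fellow@example.org", "S1", "198.51.100.77", "Safari/17 iPhone", "resource_access"),
    ev("2025-06-03T09:13:02", "fellow@example.org", "S1", "198.51.100.77", "Safari/17 iPhone", "mailbox_rule_created"),
    ev("2025-06-03T10:00:00", "analyst@example.org", "S2", "203.0.113.11", "Chrome/125 Windows", "mfa_success"),
    ev("2025-06-03T10:05:00", "analyst@example.org", "S2", "203.0.113.11", "Chrome/125 Windows", "resource_access"),
]

# Post-takeover actions worth surfacing with the finding (assumed event names).
SENSITIVE = {"mailbox_rule_created", "mfa_method_added", "oauth_consent_granted"}

def find_token_replay(events):
    """Return one finding per session whose token is reused from a client
    (ip, user-agent) that never passed MFA in that session. A legitimate
    re-authentication from a new device produces its own mfa_success and
    is therefore not flagged."""
    mfa_clients = defaultdict(set)       # session -> clients that passed MFA
    session_clients = defaultdict(list)  # session -> clients in order seen
    findings = {}
    for e in sorted(events, key=lambda x: x["ts"]):
        sid, client = e["session"], (e["ip"], e["ua"])
        if e["event"] == "mfa_success":
            mfa_clients[sid].add(client)
        if client not in session_clients[sid]:
            session_clients[sid].append(client)
            # Token appears from a second client with no MFA step of its own.
            if len(session_clients[sid]) > 1 and client not in mfa_clients[sid]:
                findings[sid] = {"user": e["user"], "session": sid,
                                 "origin": session_clients[sid][0],
                                 "replayed_from": client, "first_seen": e["ts"],
                                 "sensitive_actions": []}
        # Track what the replaying client does after takeover.
        if sid in findings and client == findings[sid]["replayed_from"] and e["event"] in SENSITIVE:
            findings[sid]["sensitive_actions"].append(e["event"])
    return list(findings.values())

if __name__ == "__main__":
    for f in find_token_replay(SAMPLE_EVENTS):
        print(f)
```

In real telemetry the client key would also include ASN or device ID, and the finding should be correlated with the phone-originated QR scan that the article notes sits outside endpoint monitoring.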

The FBI notes that these attacks start on personal phones. That puts them outside normal endpoint detection tools and network monitoring. Because of this, the FBI said:

“Quishing is now considered a high-confidence, MFA-resilient identity intrusion vector in enterprise environments.”

The FBI urges organizations to reduce risk. The agency says staff should be warned about scanning random QR codes from emails, letters, or flyers. Training should cover fake urgency and impersonation. Workers should verify QR code requests through direct contact before logging in or downloading files. Clear reporting rules should be in place.

The FBI also recommends “phishing-resistant MFA for all remote access and sensitive systems,” and “reviewing access privileges according to the principle of least privilege and regularly audit for unused or excessive account permissions.”
