**FBI Warns About North Korean Hackers Adding Malicious QR Codes to Emails**
The Federal Bureau of Investigation (FBI) has issued a warning about a state-sponsored North Korean hacking group that has been using malicious QR codes to spy on select users. The group, known as Kimsuky, has been sending these malicious QR codes through emails, tricking victims into divulging sensitive information or downloading malware.
QR codes themselves are harmless and cannot infect or tamper with a phone. However, they can direct the user's device to a malicious website designed to look like a legitimate one. This website can then prompt the user to download malware or enter sensitive information into a form. The same websites can also collect details about a user's device, including its IP address, operating system, and location.
The malicious websites can even serve up a "mobile-optimized" page that impersonates login portals for popular services like Microsoft 365, Okta, or VPNs. The goal is to trick users into entering their credentials, allowing the hackers to gain access to sensitive information.
While weaponized QR codes have been around for a while, they are normally associated with scammers rather than state-sponsored hackers. The FBI suggests that Kimsuky may be using these QR codes to bypass anti-phishing safeguards that involve checking for malicious internet URLs in emails.
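The gap described above can be shown with a short triage routine. This is an added example, not code from the FBI alert or any product: it lists the URLs a text-only filter can see and flags image parts that should go to a QR decoder first. The lure keywords, the sample message and the `triage` and `build_sample` names are assumptions made for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
LURE_RE = re.compile(r"\b(scan|qr\s*code)\b", re.I)  # assumed lure wording

def triage(raw: bytes) -> dict:
    """Report what a text-only URL filter can see and which parts it cannot."""
    msg = message_from_bytes(raw, policy=policy.default)
    urls, images, lure = [], [], False
    for part in msg.walk():
        ctype = part.get_content_type()
        if part.get_content_maintype() == "text":
            text = part.get_content()
            urls += URL_RE.findall(text)
            lure = lure or bool(LURE_RE.search(text))
        elif part.get_content_maintype() == "image":
            images.append(part.get_filename() or ctype)
    # Images plus scan wording: the destination may exist only inside pixels,
    # so hand the image parts to a QR decoder before URL reputation checks.
    needs_decode = bool(images) and (lure or not urls)
    return {"text_urls": urls, "images": images, "needs_qr_decode": needs_decode}

def build_sample(with_image: bool) -> bytes:
    """Constructed sample message; the image bytes are a placeholder, not a real QR."""
    m = EmailMessage()
    m["From"] = "sender@example.org"
    m["To"] = "fellow@example.org"
    m["Subject"] = "Questionnaire"
    if with_image:
        m.set_content("Please scan for access to a questionnaire.")
        m.add_attachment(b"\x89PNG\r\n\x1a\n placeholder", maintype="image",
                         subtype="png", filename="access.png")
    else:
        m.set_content("The questionnaire is at https://example.org/form")
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample(True)))   # no text URLs, image flagged for decode
    print(triage(build_sample(False)))  # URL visible to the ordinary filter
```

The routine does not decode QR codes itself; it only decides which messages need that extra step before URL checks can be meaningful.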
**Who is Kimsuky?**
Kimsuky has been operating for over a decade and is known to conduct cyber-spying and intelligence gathering on behalf of the North Korean government. The group has traditionally targeted specific individuals through "spearphishing" attacks and hasn't gone after consumers at a large scale.
Targets have included officials from think tanks, academic institutions, and members of the US and foreign governments. In May 2025, Kimsuky sent an email containing a malicious QR code to a think tank leader "regarding recent developments on the Korean Peninsula." The email included the QR code to "scan for access to a questionnaire."
Later that month, Kimsuky actors spoofing an embassy employee sent an email requesting input from a senior fellow at a think tank regarding North Korean human rights issues. The email contained a QR code that purported to provide access to a secure drive.
**FBI Alert**
The FBI is urging the public to be aware of the risks associated with scanning unsolicited QR codes. They recommend verifying QR code sources through secondary means, such as contacting the sender directly, especially before entering login credentials or downloading files.
As more and more people rely on technology to conduct their daily lives, it's essential to stay vigilant against cyber threats. The FBI's warning serves as a reminder that even seemingly harmless tools like QR codes can be used for malicious purposes.
**Stay Safe**
To protect yourself from these types of attacks:
- Verify QR code sources through secondary means, such as contacting the sender directly
- Be cautious when scanning unsolicited QR codes
- Avoid entering login credentials or downloading files from unknown sources
- Use anti-phishing safeguards to check for malicious internet URLs in emails
Stay informed, stay vigilant, and stay safe online.