The Federal Bureau of Investigation (FBI) is releasing this FLASH to alert NGOs, think tanks, academia, and other foreign policy experts with a nexus to North Korea of evolving tactics employed by the North Korean state-sponsored cyber threat group Kimsuky and to provide mitigation recommendations.
As of 2025, Kimsuky actors have targeted think tanks, academic institutions, and both U.S. and foreign government entities with embedded malicious Quick Response (QR) codes in spearphishing campaigns. This type of spearphishing attack is referred to as Quishing. Quishing (QR Code Phishing) is a phishing technique in which adversaries embed malicious URLs inside QR codes to force victims to pivot from their corporate endpoint to a mobile device, bypassing traditional email security controls. Tracked by MITRE ATT&CK as [T1660],
Read more…
Source: U.S. Federal Bureau of Investigation
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- National cybercrime network operating for 14 years dismantled in Indonesia
December 8, 2025
Security researchers have uncovered enormous cybercrime infrastructure in Indonesia that’s been operating unabated for more than 14 years. The length of the operation, the domains included, the malware circulated, and the data being sold on the black market, were all so big that the researchers – Malanta.ai – said the campaign resembles a nation-state campaign ...
- React2Shell RCE flaw exploited by Chinese hackers hours after disclosure
December 8, 2025
Just as the experts predicted, cybercriminals are now actively exploiting the critical severity vulnerability in React Server Components (RSC) that was discovered late last week. To make matters worse, the crooks observed abusing the bug seem to be working for the Chinese government. Late last week, the React team published a security advisory detailing a pre-authentication ...
- AI-Automated Threat Hunting Brings GhostPenguin Out of the Shadows
December 8, 2025
Hunting high-impact, advanced malware is a difficult task. It becomes even harder and more time-consuming when defenders focus on low-detection or zero-detection samples. Every day, a huge number of files are sent to platforms like VirusTotal, and the relevant ones often get lost in all that noise. Identifying malware with low or no detections is ...
- How phishers hide banking scams behind free Cloudflare Pages
December 8, 2025
During a recent investigation, we uncovered a phishing operation that combines free hosting on developer platforms with compromised legitimate websites to build convincing banking and insurance login portals. These fake pages don’t just grab a username and password–they also ask for answers to secret questions and other “backup” data that attackers can use to bypass multi-factor ...
- Petco’s security lapse affected customers’ SSNs, drivers’ licenses and more
December 8, 2025
Last week, pet products and services giant Petco confirmed that it experienced a data breach involving customers’ personal information, without specifying what type of data was affected. On Friday, in a legally required filing with Texas’ attorney general’s office, Petco reported that the affected data included: names, Social Security numbers, driver’s license numbers, financial information such ...
- Poland detains three Ukrainians over possession of hacking equipment
December 8, 2025
A Polish court has ordered three Ukrainian nationals held on charges of computer fraud and possessing hardware and software designed to commit crimes, including a suspected attempt to damage IT data deemed crucial to national defence. The three men, aged 43, 42 and 39, were detained after a roadside check in Warsaw, Polish state news agency ...