The U.S. Federal Bureau of Investigation (FBI) has issued an advisory warning that North Korean state-sponsored threat actors, identified as Kimsuky, are leveraging malicious Quick Response (QR) codes in advanced spear-phishing campaigns. Since 2025, these campaigns have targeted high-value entities, including think tanks, academia, and government organizations.
While the initial targets are traditional, this technique poses a severe cross-sector threat to the Web3 ecosystem. QR codes are foundational to the Web3 user experience, commonly used for connecting hardware wallets, initiating multisig transactions, and logging into centralized exchanges or DeFi platforms. By adopting malicious QR codes, sophisticated actors like Kimsuky can bypass traditional email filtering and deliver targeted social engineering payloads.
When scanned, these deceptive QR codes redirect victims to phishing sites (often sophisticated wallet drainers) designed to mimic legitimate platforms, leading to the compromise of digital assets. Web3 practitioners must treat unsolicited QR codes with extreme suspicion. We strongly advise verifying the source meticulously before scanning and, crucially, inspecting the resulting URL on the mobile device immediately. The inherent opacity of QR codes makes them a prime stealth vector, demanding maximum vigilance from digital asset holders against evolving nation-state tactics.
Source: FBI Warns North Korean Hackers Using Malicious QR Codes in Spear-Phishing
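
The URL inspection advised above can be automated once a scanner has decoded the QR code to a string. The sketch below is an added example, not code from the FBI advisory or the source article; the allowlist, host names and reason codes are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist: the sign-in hosts this user actually expects.
TRUSTED_HOSTS = {"exchange.example", "wallet.example"}


def inspect_qr_url(payload, trusted=TRUSTED_HOSTS):
    """Return reason codes for not opening a URL decoded from a QR code.

    An empty list means HTTPS, default port, and an expected host.
    """
    try:
        parts = urlsplit(payload.strip())
        host = (parts.hostname or "").rstrip(".")
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return ["unparseable"]

    findings = []
    if parts.scheme != "https":
        findings.append("not-https")
    # "https://trusted@other-host/" displays the trusted name first,
    # but the browser connects to whatever follows the "@".
    if parts.username is not None:
        findings.append("userinfo")
    try:
        ipaddress.ip_address(host)
        findings.append("ip-literal")
    except ValueError:
        pass  # not an IP address, which is the normal case
    # An "xn--" label is an encoded Unicode name, a common lookalike trick.
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode")
    # Match the exact host or a true subdomain, never a substring.
    if not any(host == t or host.endswith("." + t) for t in trusted):
        findings.append("untrusted-host")
    if port not in (None, 443):
        findings.append("odd-port")
    return findings


if __name__ == "__main__":
    # Constructed sample payloads, as a QR scanner would hand them over.
    for url in ("https://exchange.example/login",
                "https://exchange.example@login.attacker.test/",
                "https://exchange.example.login.attacker.test/"):
        print(url, "->", inspect_qr_url(url) or "ok")
```

An empty result only says the URL points at an expected host; it does not replace verifying who sent the QR code.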


