Find notable cyber news and cases, enriched with sources, timelines, and signals.

Kimsuky QR-code spear-phishing campaign against think tanks and government entities

Campaign
First reported
Last updated
Happening score
H score 42
2 unique sources, 2 articles

Summary

Hide ▲

The FBI warned that Kimsuky (APT43) is running a QR-code spear-phishing campaign that targets think tanks, academic institutions, and U.S. and foreign government entities. The activity was observed in May and June 2025 and uses quishing lures to push victims toward credential-harvesting pages and attacker-controlled infrastructure. The operation matters because it can bypass enterprise defenses and lead to session token theft, MFA bypass, and cloud identity hijacking.

Related Happenings

Meta For Business Facebook Messenger fake-verification phishing campaign

Campaign
H score29 First: 07.07.2026 10:00 Last: 07.07.2026 10:00 Sources 1

About this happening: A **phishing campaign** abused **Facebook Messenger chatbots** and fake verification lures to steal **Meta For Business** credentials and sensitive identity data, creating account...

Russian intelligence Signal recovery-key phishing campaign

Campaign
H score29 First: 29.06.2026 11:15 Last: 29.06.2026 11:15 Sources 1

About this happening: An active **Russian intelligence** phishing campaign is impersonating **Signal** support to steal **Backup Recovery Keys**, **verification codes**, and **account PINs**, putting *...

OYSTERBLUES information-stealer delivery via spear-phishing

Malware Activity
H score27 First: 27.06.2026 20:27 Last: 27.06.2026 20:27 Sources 1

About this happening: The **OYSTERBLUES** malware activity used **compromised accounts** and **spear-phishing** to reach **government organizations**, increasing the risk of credential theft and follow...

KDDI Corporation hit by network compromise

Incident
H score92 First: 24.06.2026 15:45 Last: 24.06.2026 15:45 Sources 1

About this happening: **KDDI Corporation** confirmed an **email-system breach** that exposed customer credentials across **six Japanese ISPs**, putting account access at risk. The intrusion was detecte...

Latest development: 08.07.2026 14:24

Attackers breached the KDDI email platform used by five Japanese ISPs on May 16 after exploiting a zero-day vulnerability in third-party software, exposing email addresses and passwords across the affected service providers.

North Korea-aligned developer-targeting operations shift from fake interviews to recruitment phishing at scale

Threat Actor Meta
H score31 First: 15.06.2026 22:32 Last: 15.06.2026 22:32 Sources 1

About this happening: North Korea-aligned developer-targeting operations are shifting from **fake interviews** to **recruitment-themed phishing** at scale, increasing the risk of industrialized **crede...

Timeline

  1. 09.01.2026 07:46 3 articles · 6mo ago

    FBI warns of Kimsuky QR-code spear-phishing against think tanks and government entities

    Initial Disclosure

    The FBI warned that Kimsuky (APT43), a North Korea-affiliated threat group, used embedded malicious QR codes in spear-phishing emails to target think tanks, academic institutions, and U.S. and foreign government entities in 2025. The bureau said it observed the activity several times in May and June 2025, including lures that sent recipients to attacker-controlled landing pages or fake login pages to harvest Google account credentials and support session-token theft, MFA bypass, and cloud identity hijacking.

    Show sources