Kimsuky QR-code spear-phishing campaign against think tanks and government entities
Campaign
Summary
Hide ▲
Show ▼
The FBI warned that Kimsuky (APT43) is running a QR-code spear-phishing campaign that targets think tanks, academic institutions, and U.S. and foreign government entities. The activity was observed in May and June 2025 and uses quishing lures to push victims toward credential-harvesting pages and attacker-controlled infrastructure. The operation matters because it can bypass enterprise defenses and lead to session token theft, MFA bypass, and cloud identity hijacking.
Related Happenings
Meta For Business Facebook Messenger fake-verification phishing campaign
Campaign
H score29
First: 07.07.2026 10:00
Last: 07.07.2026 10:00
Sources 1
About this happening:
A **phishing campaign** abused **Facebook Messenger chatbots** and fake verification lures to steal **Meta For Business** credentials and sensitive identity data, creating account...
Meta For Business Facebook Messenger fake-verification phishing campaign
CampaignAbout this happening: A **phishing campaign** abused **Facebook Messenger chatbots** and fake verification lures to steal **Meta For Business** credentials and sensitive identity data, creating account...
Russian intelligence Signal recovery-key phishing campaign
Campaign
H score29
First: 29.06.2026 11:15
Last: 29.06.2026 11:15
Sources 1
About this happening:
An active **Russian intelligence** phishing campaign is impersonating **Signal** support to steal **Backup Recovery Keys**, **verification codes**, and **account PINs**, putting *...
Russian intelligence Signal recovery-key phishing campaign
CampaignAbout this happening: An active **Russian intelligence** phishing campaign is impersonating **Signal** support to steal **Backup Recovery Keys**, **verification codes**, and **account PINs**, putting *...
OYSTERBLUES information-stealer delivery via spear-phishing
Malware Activity
H score27
First: 27.06.2026 20:27
Last: 27.06.2026 20:27
Sources 1
About this happening:
The **OYSTERBLUES** malware activity used **compromised accounts** and **spear-phishing** to reach **government organizations**, increasing the risk of credential theft and follow...
OYSTERBLUES information-stealer delivery via spear-phishing
Malware ActivityAbout this happening: The **OYSTERBLUES** malware activity used **compromised accounts** and **spear-phishing** to reach **government organizations**, increasing the risk of credential theft and follow...
KDDI Corporation hit by network compromise
Incident
H score92
First: 24.06.2026 15:45
Last: 24.06.2026 15:45
Sources 1
About this happening:
**KDDI Corporation** confirmed an **email-system breach** that exposed customer credentials across **six Japanese ISPs**, putting account access at risk. The intrusion was detecte...
KDDI Corporation hit by network compromise
IncidentAbout this happening: **KDDI Corporation** confirmed an **email-system breach** that exposed customer credentials across **six Japanese ISPs**, putting account access at risk. The intrusion was detecte...
Latest development: 08.07.2026 14:24
Attackers breached the KDDI email platform used by five Japanese ISPs on May 16 after exploiting a zero-day vulnerability in third-party software, exposing email addresses and passwords across the affected service providers.
North Korea-aligned developer-targeting operations shift from fake interviews to recruitment phishing at scale
Threat Actor Meta
H score31
First: 15.06.2026 22:32
Last: 15.06.2026 22:32
Sources 1
About this happening:
North Korea-aligned developer-targeting operations are shifting from **fake interviews** to **recruitment-themed phishing** at scale, increasing the risk of industrialized **crede...
North Korea-aligned developer-targeting operations shift from fake interviews to recruitment phishing at scale
Threat Actor MetaAbout this happening: North Korea-aligned developer-targeting operations are shifting from **fake interviews** to **recruitment-themed phishing** at scale, increasing the risk of industrialized **crede...
Timeline
-
09.01.2026 07:46 3 articles · 6mo ago
FBI warns of Kimsuky QR-code spear-phishing against think tanks and government entities
Initial DisclosureThe FBI warned that Kimsuky (APT43), a North Korea-affiliated threat group, used embedded malicious QR codes in spear-phishing emails to target think tanks, academic institutions, and U.S. and foreign government entities in 2025. The bureau said it observed the activity several times in May and June 2025, including lures that sent recipients to attacker-controlled landing pages or fake login pages to harvest Google account credentials and support session-token theft, MFA bypass, and cloud identity hijacking.
Show sources
- FBI Warns North Korean Hackers Using Malicious QR Codes in Spear-Phishing — thehackernews.com — 09.01.2026 07:46
- FBI Warns North Korean Hackers Using Malicious QR Codes in Spear-Phishing — thehackernews.com — 09.01.2026 07:46
- FBI warns about Kimsuky hackers using QR codes to phish U.S. orgs — www.bleepingcomputer.com — 09.01.2026 00:57