FBI warns of attacks by North Korean cyber threat group using malicious QR codes

Jan 09, 2026 - 03:27 PM
hooded figure over keyboard

The FBI Jan. 8 released an alert on evolving threat tactics by Kimsuky, a North Korean state-sponsored cyber threat group. As of last year, the group has targeted research organizations, academic institutions, and U.S. and foreign government entities by embedding malicious QR codes in spear-phishing campaigns, referred to as “quishing.” The technique forces victims to use a mobile device to view the QR code, which could be received as an image, email attachment or embedded graphic that evades URL inspection. After scanning the malicious code, victims are routed through attacker-controlled redirectors that collect device and identity information for harvesting and use in additional malicious actions. 
 
“Although it appears that Kimsuky threat actors are not targeting health care directly, this serves as a reminder that social engineering, email and text-based ‘quishing’ attacks from other hacking groups are increasingly targeting health care due its effectiveness and ability to evade common cybersecurity defensive measures,” said John Riggi, AHA national advisor for cybersecurity and risk. “As we see an increase in the use of malicious QR code attacks, staff should be provided education on the dangers of scanning unsolicited QR codes at work, home and on their mobile devices.” 

For more information on this or other cyber and risk issues, contact Riggi at jriggi@aha.org. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity

Related News Articles

Headline
Microsoft warns of sophisticated phishing campaign heavily targeting health care organizations
Microsoft Threat Intelligence is warning of a large scale, multistage phishing campaign that disproportionately targeted the health care sector, sending “code…
Headline
CISA announces initiative to bolster critical infrastructure against nation-state cyberattacks
The Cybersecurity and Infrastructure Security Agency has launched a new initiative for critical infrastructure to defend against cyberattacks through proactive…
Headline
Webinar to explore AI use in cybersecurity, health care technology 
John Riggi, AHA national advisor for cybersecurity and risk, will moderate a webinar May 5 at 1 p.m. ET that will explore how bad actors are leveraging…
Headline
AHA, Joint Commission announce cybersecurity readiness effort 
The AHA and Joint Commission May 4 announced the launch of the Cyber Resilience Readiness program, an initiative to help hospitals and health systems assess…
Headline
Agencies issue guidance on adopting agentic AI systems
The Cybersecurity and Infrastructure Security Agency, National Security Agency and international partners have released guidance on adopting agentic artificial…
Headline
Advisory details shifting tactics of Chinese cyber actors using covert networks for malicious activity
A joint advisory released April 23 from U.S. and international cybersecurity agencies, including the Cybersecurity and Infrastructure Security Agency, FBI,…