Scan at Your Own Risk: North Korea–Linked QR Phishing Triggers Warnings from FBI and South Korea

South Korean authorities have issued a public warning over a new form of QR code–based phishing attack linked to North Korean hacking groups, following similar alerts previously released by the U.S. Federal Bureau of Investigation (FBI).

According to the Korea Internet & Security Agency (KISA), multiple cases have been identified in which attackers impersonated government agencies and policy think tanks to lure victims into scanning malicious QR codes. The technique, known as “quishing”—a combination of “QR” and “phishing”—is designed to steal personal and authentication data or install malware on mobile devices.

KISA said the attackers typically target personal smartphones, which are not protected by corporate or institutional security systems. In recent cases, individuals posing as domestic and overseas think tank officials contacted victims under the pretense of conducting surveys or seeking expert opinions on geopolitical issues, encouraging them to scan QR codes for access.

In other instances, hackers masqueraded as officials from diplomatic or government-related institutions, using QR codes as a supposed method for granting access to sensitive information systems.

Once scanned, the QR codes redirected users either to malicious app downloads or to fake login pages closely resembling legitimate social networking or online platforms. If installed, the malicious applications could collect device information such as the phone model, IMEI number, stored text messages, photos, and other personal data.

Cybersecurity firms have also reported similar activity. In December, a security research group disclosed cases in which a North Korea–linked hacking organization used fake delivery notifications containing QR codes to distribute malicious mobile applications.

South Korea’s intelligence authorities have previously stated that North Korean cyber groups have employed advanced techniques, including quishing, to steal industrial technology and large sums of money across sectors such as defense, IT, and healthcare.

International concern has been growing as well. The FBI recently warned that QR-based phishing campaigns linked to the same hacking group have been expanding globally, targeting government institutions, think tanks, academic communities, and private companies. In one documented case, a phishing email disguised as a request for expert input on Korean Peninsula affairs included a QR code that led to a malicious survey page.

KISA advised the public not to scan QR codes from unknown or suspicious emails and text messages. Users who are uncertain about a QR code’s legitimacy are encouraged to verify it through official security channels. The agency also recommended mobile antivirus scans, certificate reissuance, and payment history checks if malware infection is suspected.