The FBI has warned about North Korean hackers Kimsuky leveraging QR codes in phishing attacks targeting U.S. and foreign government entities, academia, think tanks, and others.
A QR code phishing campaign exploits Microsoft Sway to distribute URLs to credential-stealing websites that also collect multi-factor authentication codes and session cookies.
