Mobile Security Blog | Pradeo

The FBI warns of an espionage campaign targeting mobile devices

Written by Clara Campos | January 22, 2026

On January 8, 2026, the Federal Bureau of Investigation (FBI) issued an alert concerning a spearphishing campaign conducted by the North Korean group Kimsuky, aimed at espionage and intelligence gathering. This campaign targets American academic institutions and think tanks, as well as international government entities.

Spearphishing refers to highly targeted phishing attacks designed for specific organizations or profiles. In this case, the campaign relies on a rapidly growing technique to carry out the attack: quishing, or QR code–based phishing.

An attack designed to force a shift to mobile

This campaign is built around quishing, a QR code phishing technique with a simple objective: shifting the attack from the workstation to the mobile device.

QR codes are embedded in emails and presented as providing access to legitimate content. Once scanned from the user’s smartphone, the QR code redirects to an attacker-controlled page specifically designed for a mobile environment.

This shift to the mobile device is far from incidental. As the FBI points out, it allows attackers to move outside the usual protection perimeter of enterprise environments by bypassing security controls applied to workstations and email flows.

The FBI classifies quishing as a high-confidence intrusion vector, capable of bypassing MFA protections and enabling large-scale identity compromise.
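The redirect described above can be evaluated before the user reaches the landing page. The Python below is an added example, not code from the FBI alert or from Pradeo's product: it assesses the redirect chain recorded for a URL decoded from a QR code. The hop format, the allow-list, the block policy and all hosts are constructed assumptions.

```python
import ipaddress
from urllib.parse import urljoin, urlsplit

# Assumption: hosts where this organisation's users legitimately sign in.
ALLOWED_HOSTS = {"login.example.org", "sso.example.org"}
REDIRECTS = (301, 302, 303, 307, 308)

def resolve_chain(start_url, hops):
    """hops: (status, Location header) pairs recorded by a proxy or sandbox."""
    chain = [start_url]
    for status, location in hops:
        if status not in REDIRECTS or not location:
            break
        chain.append(urljoin(chain[-1], location))  # Location may be relative
    return chain

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def assess_chain(chain, allowed_hosts=ALLOWED_HOSTS, max_hops=3):
    """Return (verdict, reasons) for a link decoded from a QR code."""
    reasons, host = [], ""
    for url in chain:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if parts.scheme != "https":
            reasons.append(f"non-HTTPS hop: {url}")
        if parts.username or parts.password:
            reasons.append(f"userinfo in authority: {url}")
        if _is_ip(host):
            reasons.append(f"IP-literal host: {host}")
        if any(label.startswith("xn--") for label in host.split(".")):
            reasons.append(f"punycode host: {host}")
    if len(chain) - 1 > max_hops:
        reasons.append(f"{len(chain) - 1} redirects exceeds limit {max_hops}")
    if host not in allowed_hosts:  # host now holds the final landing host
        reasons.append(f"landing host not allow-listed: {host}")
    return ("block" if reasons else "allow"), reasons

if __name__ == "__main__":
    # Constructed sample: shortener that bounces to a plain-HTTP IP address.
    sample = resolve_chain("https://short.example.net/a1",
                           [(302, "http://203.0.113.7/login"), (200, None)])
    print(assess_chain(sample))
```

The allow-list policy here is deliberately strict: a QR-originated link is treated as untrusted unless its final hop lands on a known sign-in host.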

Why MDMs are not sufficient against this type of attack

This alert highlights a clear reality: smartphones have become a strategic entry point, even in highly secure professional environments.

In its alert, the FBI recommends the deployment of Mobile Device Management (MDM) solutions to better regulate the use of mobile devices in the workplace.
This recommendation is legitimate: MDM allows organizations to configure, manage, and control devices, and to define security policies.

However, MDMs are not designed to dynamically analyze URLs, detect phishing attempts, or observe runtime behavior triggered by a malicious link opened on a mobile device.

This alert demonstrates that, while an MDM is essential for managing and supervising a mobile fleet, it must be supplemented by a mobile security solution capable of detecting and blocking mobile threats in real time, as they occur.

Pradeo Mobile Threat Defense: the essential security layer

To address this type of threat, a Mobile Threat Defense (MTD) solution is essential to provide the missing security layer.

Pradeo Mobile Threat Defense analyzes links accessed from mobile devices, including those originating from QR codes, and detects malicious redirections. Access is then automatically blocked before any sensitive user interaction occurs.

This level of control directly addresses the challenges highlighted in the FBI alert: the need to secure attack paths that shift to mobile devices and evade traditional security solutions.

Protecting professional environments now relies on mobile security capable of automatically detecting, blocking, and remediating threats directly on mobile devices.