{
	"id": "a23d731f-261a-4524-8b39-86103ddf67a3",
	"created_at": "2026-04-06T01:30:56.921591Z",
	"updated_at": "2026-04-10T13:12:08.491265Z",
	"deleted_at": null,
	"sha1_hash": "d74b9153f23f16ee79267ca0206f1160df70c845",
	"title": "Phishing campaign used QR codes to target large energy company",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 307932,
	"plain_text": "Phishing campaign used QR codes to target large energy company\r\nBy Jonathan Greig\r\nPublished: 2023-08-16 · Archived: 2026-04-06 01:15:37 UTC\r\nCybersecurity researchers uncovered a large phishing campaign using malicious QR codes with the hopes of\r\nacquiring Microsoft credentials at several targets, including a major U.S. energy company.\r\nQR codes have become widely adopted since the onset of the COVID-19 pandemic, with thousands of restaurants\r\nand businesses replacing physical menus and guides with the machine-readable images that pull up webpages\r\ncontaining the same information.\r\nBut hackers have been quick to exploit the trend, launching campaigns that spread fake QR codes to steal user\r\ninformation.\r\nCybersecurity firm Cofense released a new report on Wednesday identifying a campaign that began in May\r\ntargeting a wide array of industries. The hackers sent thousands of emails containing malicious QR codes to\r\ncompanies, which took users to a Microsoft credential phishing page.\r\nThe report’s author, Cofense cyber threat intelligence analyst Nathaniel Raymond, told Recorded Future News\r\nthat they were unable to attribute the campaign to a specific threat actor but found similarities to a previous\r\ncampaign that used tools from companies in Russia.\r\n Examples of QR codes\r\nused in the campaign. Image: Cofense\r\nhttps://therecord.media/phishing-campaign-used-qr-codes-to-target-energy-firm\r\nPage 1 of 3\n\n“This campaign initially appeared in small numbers but eventually grew to a volume far beyond what is normally\r\nseen in campaigns of a similar level, making it stand out,” Raymond said, adding that the number of emails sent\r\nout has grown by about 270% each month.\r\nRaymond declined to name the energy company that was attacked but said that about 29% of the emails they\r\ntracked as part of the campaign were sent to the energy company.\r\nThe researchers said the manufacturing industry saw another 15% of the emails while insurance, tech and\r\nfinancial services firms also saw sizable portions of the campaign’s traffic.\r\nRaymond noted that it is likely other organizations are being attacked by the threat actors with the same campaign\r\nbut their percentages are based on the emails Cofense observed. The emails lured victims by appearing to relate to\r\naccount security updates. The QR code took victims to a fake Microsoft page asking for credentials.\r\nThe researchers noted that QR codes have not typically been used by hackers at this scale, but threat actors may be\r\ntesting out the method because of its effectiveness in comparison to more traditional links embedded in most\r\nphishing emails.\r\nThey noted that QR codes have a “much better chance of reaching an inbox as the phishing link is hiding inside\r\nthe QR image, while the QR image is embedded inside a PNG image or PDF attachment.”\r\nMost mobile devices are not regulated by employers, putting them outside of the protection of the enterprise\r\nenvironment, the researchers explained.\r\n Image: Cofense\r\nThe hackers also encoded the phishing links in redirects so that when victims flash their camera over the QR code,\r\nthe link that appears looks legitimate.\r\nSafeBreach CISO Avishai Avivi said the report represented an interesting development in how malicious actors\r\noperate, noting that the pandemic has made QR codes ubiquitous.\r\n“Users, by now, are used to responding to these codes by simply pulling their smartphones and scanning the code.\r\nThis action is done with little concern about whether these codes are malicious,” Avivi said.\r\n“This tendency to scan any QR code presented to the user raises concerns as some applications, including security\r\ncontrols, also use QR codes to accomplish different tasks. These tasks include confirming identity, enrolling an\r\nhttps://therecord.media/phishing-campaign-used-qr-codes-to-target-energy-firm\r\nPage 2 of 3\n\nauthenticator application, and more. A malicious code can bypass or divert the user to perform an action they did\r\nnot intend to execute.”\r\nJonathan Greig\r\nis a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since\r\n2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia.\r\nHe previously covered cybersecurity at ZDNet and TechRepublic.\r\nSource: https://therecord.media/phishing-campaign-used-qr-codes-to-target-energy-firm\r\nhttps://therecord.media/phishing-campaign-used-qr-codes-to-target-energy-firm\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://therecord.media/phishing-campaign-used-qr-codes-to-target-energy-firm"
	],
	"report_names": [
		"phishing-campaign-used-qr-codes-to-target-energy-firm"
	],
	"threat_actors": [],
	"ts_created_at": 1775439056,
	"ts_updated_at": 1775826728,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/d74b9153f23f16ee79267ca0206f1160df70c845.pdf",
		"text": "https://archive.orkl.eu/d74b9153f23f16ee79267ca0206f1160df70c845.txt",
		"img": "https://archive.orkl.eu/d74b9153f23f16ee79267ca0206f1160df70c845.jpg"
	}
}