Potential new technique - QRLJacking

[ajpc500]

Is it worth adding QRLJacking as an Initial access vector?

It's currently missing from ATT&CK and with ITW use and a very SaaS-native feel to it, it might be a good addition

Refs:

• Abuse from Star Blizzard: https://www.microsoft.com/en-us/security/blog/2025/01/16/new-star-blizzard-spear-phishing-campaign-targets-whatsapp-accounts/
• Research post from Kuba Gretzky: https://breakdev.org/evilqr-phishing/