The CyberWire Daily Podcast 3.23.23
Ep 1786 | 3.23.23

Pyongyang’s intelligence services have been busy in cyberspace. Hacktivists exaggerate the effects of their attacks on OT. Ghostwriter is back. A twice-told tale: ineffective cyberwar campaigns.

Show Notes

DPRK threat actor Kimsuky uses a Chrome extension to exfiltrate emails, while ScarCruft prospects South Korean organizations. Hacktivists' claims of attacks on OT networks may be overstated. Ghostwriter remains active in social engineering attempts to target Ukrainian refugees. Joe Carrigan has cyber crime by the numbers. Our guest is Christian Sorensen from SightGain with analysis of the cyber effects of Russia’s war.

Selected reading.

North Korean hackers using Chrome extensions to steal Gmail emails (BleepingComputer)

Joint Cyber Security Advisory (Korean) (Bundesamt fuer Verfassungsschutz)

North Korean APT group ‘Kimsuky’ targeting experts with new spearphishing campaign (Record)

ScarCruft's Evolving Arsenal: Researchers Reveal New Malware Distribution Techniques (The Hacker News)

The Unintentional Leak: A glimpse into the attack vectors of APT37 (Zscaler)

CHM Malware Disguised as Security Email from a Korean Financial Company: Redeyes (Scarcruft) (ASEC BLOG) 

A Propaganda Group is Using Fake Emails to Target Ukrainian Refugees (Bloomberg) 

We (Did!) Start the Fire: Hacktivists Increasingly Claim Targeting of OT Systems | Mandiant (Mandiant)

Fact or fiction, hacktivists' claims of industrial sabotage in Russia or Ukraine get attention online (CyberScoop)

The 5×5—Conflict in Ukraine's information environment (Atlantic Council)

How the Russia-Ukraine conflict has impacted cyber-warfare (teiss)

CommonMagic APT gang attacking organisations in Ukraine (Tech Monitor)