Only Malware in the Building 6.3.25
Ep 13 | 6.3.25

The great CoGUI caper.

Transcript

[ Background Discussion ]

Liz Stokes: All right, Team, look alive. Wheels up in two minutes. Lights are good. Crowd is hot. Soundchecks are done. Let's lock it in. Dave, you're center stage. Selena, you're on the left mic. New guy, you'll be over here on mic three. New guy? New guy, over here. Where's the new guy?

 

Selena Larson: Keith texted me "be there in two," but that was like ten minutes ago.

 

Dave Bittner: Doesn't answer the question. Is he in the building?

 

Selena Larson: I thought he was in the bathroom?

 

Liz Stokes: All right folks, we're out of time.

 

Dave Bittner: Let's just go. The crew can wrangle him if he appears.

 

Selena Larson: Okay, showtime. We've done this before. We've got this.

 

Liz Stokes: Starting in three, two -- [ Music ] Selena, that's you. Go. [ Music ]

 

Selena Larson: Welcome. Welcome to Only Malware in the Building, the podcast where three cybersecurity nerds try to -- [ Crashing ] [ Microphone Feedback ] Hold on. Dave. Dave, can you fix this?

 

Dave Bittner: Yep, got it. [tapping mic] Okay, good to go. One more time from the top. [ Music ]

 

Selena Larson: Today, we're talking about phishing scams. Specifically, we have heard some campaigns have been more targeted.

 

Keith Mularski: Hey, am I late? I got -- I got stuck in the --

 

Liz Stokes: New guy, you're here. You're on. Go, now. [ Screaming ] [ Explosions ]

 

Dave Bittner: Keith.

 

Selena Larson: Keith. [ Cheering ]

 

Keith Mularski: Well, okay. Where are we? Are we live?

 

Selena Larson: No, totally a dress rehearsal for an entire live audience.

 

Dave Bittner: Welcome to the show, Keith.

 

Keith Mularski: Right, yes, absolutely thrilled to be here. Did we already start?

 

Selena Larson: Only three times.

 

Dave Bittner: Let's try for a fourth. Phishing scams. Today's episode is about [cell phones chime] -- turn off those cell phones.

 

Keith Mularski: I don't even own a third phone. Where is it coming from?

 

Selena Larson: Okay, focus. Phishing, phish-ing. We need to get this back on track. We keep getting distracted, and our audience deserves better than [coughing].

 

Dave Bittner: Whoever in the audience keeps coughing, please remove yourself from the room. Have you no decency?

 

Selena Larson: Okay, so today's episode is --

 

Dave Bittner: Why is the music playing? Guys, we've rehearsed this for days. What is going on?

 

Selena Larson: Well, stick around. At some point, we might actually talk about phishing scams.

 

Keith Mularski: What if we just go to commercial? [ Music ] [ Keyboarding ] [ Music ]

 

Selena Larson: So today we are actually talking about phishing, specifically credential phishing and some new research that we put out on a phish kit we actually called CoGUI. So this is a super interesting threat cluster of activity. It's a phish kit that targets largely Japan with millions of messages per campaign, and these campaigns are happening multiple times per week. So we did actually find this really new, interesting phish kit. It is believed that Chinese-speaking threat actors are using this phish kit and are distributing this phish kit, and there was some interesting alignment with public reporting by Japan's Financial Services Agency. So happy to dive in, and I'd also love to talk about credential phishing in general and some of the stuff that you guys are seeing on the landscape beyond just, you know, this one particular case targeting Japan. But how are threat actors using MFA phishing? Is there anything that's crossed your desk recently that you're like, huh, this is a super interesting cred phish?

 

Keith Mularski: Well, let me back you up, Selena. What are you guys calling this one?

 

Selena Larson: All right, so this is a really fun thing where you only ever read words, and then we say them out loud. Like, actually, is this how it says it in my head? I'm calling it CoGUI.

 

Keith Mularski: CoGUI?

 

Selena Larson: CoGUI. C -- capital C, small o, big G-U-I. CoGUI.

 

Keith Mularski: CoGUI, makes sense.

 

Dave Bittner: CoGUI.

 

Keith Mularski: It reminds -- it's like "Mawage." [ Laughing ]

 

Selena Larson: "Mawage." Oh, wow.

 

Keith Mularski: CoGUI. Oh, look at the -- that puppy is so cute and CoGUI. [ Laughing ] I'm going to have to watch Princess Bride after this recording.

 

Dave Bittner: Okay, yeah. I'm just going to note here that as the person whose job it is to very often have to pronounce out loud words that people like you, Selena, and people like you, Keith, who've come up with clever names for things, written them down using leet-speak and all that kind of stuff, never realizing the fact that someday someone, that someone being me, is going to have to actually say that word and that --

 

Keith Mularski: You know we do that on purpose, Dave.

 

Dave Bittner: Well, I -- I've come to believe that now. I mean, it's been so long that there's no way that people can't be aware that sooner or later somebody's going to have to say the word out loud. So --

 

Selena Larson: I have been advocating for a long time for someone on my team, the next malware that they discover, to name it like "Selena Steeler" or something, you know? That's very pronounceable. [ Laughing ] No one can mess that up.

 

Dave Bittner: Right, right. That's funny. You could have a t-shirt made for your husband to wear.

 

Selena Larson: Yeah, I can make my own little logo by paying a designer not using AI.

 

Dave Bittner: Yeah. There you go. There you go. All right. So let's dig into some of the details here. I mean what called you and your colleagues' attention to this one in particular? [ Music ]

 

Selena Larson: Yeah. So I have to give a shout out to all my colleagues who have been tracking this particular threat cluster. We actually, when we first saw it, were like, okay. Yeah, like phishing targeting Japan in super high volumes. This isn't something that is completely new on the threat landscape. So for example, a few years ago, we published some research, and other shops have identified, you know, high-volume phishing impersonating Amazon targeting Japan, so consumer brands. So we're like, oh, yeah, like another cluster -- like a gigantic cluster of activity targeting Japan, but when we were really diving into it, so first of all, it was a kit that we hadn't seen before. And as you guys might know, the Chinese-speaking phishing kits targeting both mobile and email have increased, right? I think we've even mentioned on the podcast those road toll scams, the smishing, the sort of phishing triad, so to speak, that some really interesting research has been published on, that includes the Darcula phish kit, for example. So there was, you know, kind of taking a look at some of this phishing in general, and we saw, oh, yeah. There's like a lot of similarities to some of these popular Chinese-language kits that are, you know, expected to be created by Chinese threat actors, and so we were looking at this, and then we were looking at it, and we thought, oh, okay. It's kind of interesting. They're impersonating consumer brands, but also, like, finance companies and securities companies. They seem to be very, very high volume, very active. They're customized and tailored for the brand that they're impersonating, and while Amazon, and, you know, the consumer brand is definitely one of the biggest that we've seen, we've also seen an increase in some of these sort of more finance-focused and securities-focused campaigns, which was pretty notable.

 

Dave Bittner: Yeah, I reported on one recently that was -- it was a phishing campaign impersonating Zoom meeting invites, and so you'd get a fake invite. You'd go to log in to Zoom, and it looked exactly like Zoom, but it wasn't actually Zoom, and of course you put in your login details and then they've got you. But it's interesting how, I guess, what's interesting to me is how, as you say, how much more targeted these campaigns seem to be getting. Like, the threat actors are getting more and more focused, and the kits are getting more and more sophisticated. I'm curious, like historically, over the years, as you've been tracking these things, Keith, I mean is that -- has that followed the trend that you've been tracking, like the increased sophistication? [ Music ]

 

Keith Mularski: Well, yeah, I think, once, you know, looking at this from the article that Proofpoint put out, there are a lot of interesting things in there that, you know, caught me right off the bat. You know, first is the sophistication. You know, a lot of times a lot of phish are just very crude, and there's misspellings and things like that, but the sophistication in this -- I really love the redirect. You know, if you weren't the person that was getting targeted, you were taken to the legitimate Amazon page, which is, you know -- so that's really showing the sophistication. Also, you know, knowing about the kit's backend, where, you know, this is sold as a service, so kind of software as a service. On the back end, you've got a really nice GUI. It's keeping track of, you know, your victims and all that, so what this is telling me is that this is a very sophisticated operation, you know, that's out there. So what I wanted to do was I wanted to kind of look at the dark web and kind of look at the Chinese underground economy and kind of see what they were saying about that out there, and I found some really interesting things just kind of from digging, from Selena's research. So one is we just started pulling some of the domains, you know, that you look at there, and looking at the registering emails, which were these qq.com emails. And, you know, so we're just kind of looking at -- you know, a couple of them had registered over 2,000 domains apiece. So you can see it's, as you know -- it's just thousands and thousands of, you know, domains that are being registered in that. And then, we were just seeing on some Chinese Telegram channels that they're advertising, you know, these synchronous phishing kits is what they're calling them. So I don't know whether they're CoGUI or not, but, you know, something that's very similar that's out there. You know, so they're talking about you get a nice front-end phishing page, a back-end database panel. You could, you know, allow easy viewing of data and all of that. So we've seen a lot of advertisements just last month, you know, in these Chinese Telegram channels. So it was really neat to kind of see what you were seeing on that front end there at Proofpoint from the, you know, from the email gateway, to kind of look now at what's seen on that back end there in the cyber underground. So I find it very fascinating. [ Music ]

 

Dave Bittner: Keith, I'm curious with your experience in law enforcement and the folks you've worked with over the course of your career. Can you provide insight onto why a threat actor, a bad guy, would decide -- would choose to be the provider of the kit that does the crime versus just doing the crime themselves? Are there practical considerations there, or do they consider themselves to have less exposure to, you know, potentially being arrested if they're providing the kit and not doing the actual crime?

 

Keith Mularski: Yeah, I guess potentially, but they're looking at it as a business model. You know, so I mean, you think of it. They're kind of viewing themselves as a startup, okay? Hey, I'm going to -- you know, I'm going to start up this business just like if you were going to open, you know, a coffee shop, and, you know, hey, you're selling coffee every day or whatever. So in the underground, it is kind of the same thing. Hey, I'm developing a product for people to use, and I'm going to market it and sell it. So it's a whole business model from that, and, you know, sometimes these models, they take a cut. So when you think of a lot of, like, the ransomware groups, they have affiliates and things out there. So it's really just that underground economy, that organized crime ecosystem, that's out there.

 

Dave Bittner: So it's potentially that being the provider of the tool is maybe more scalable than being the person out there doing the phishing scams?

 

Keith Mularski: Yeah, potentially. I mean, you know, when you're actually doing the phish, you know, as well. So you have to take that data, and then you have to monetize it or sell it. You know, in this case because I saw that they weren't really targeting MFA that was kind of just kind of telling me that they're probably turning around and selling that data very quickly, just, you know, at first look at it.

 

Selena Larson: Yeah, well, and I think it's interesting, too, right? So much like how we operate in any business or as threat researchers, we all have our specialization, right? So I don't do malware reversing, so if I was running a criminal enterprise, I wouldn't be building malware. You know, I would be blogging our findings for our criminal customers -- no, just kidding. But, you know, it's -- so it's all kind of like a breakdown. So, like, building tooling and using tooling are two separate skill sets. So I think that that is part of it, as well, where you have these enterprises that are kind of run like businesses in many cases. In the case of the CoGUI phish kit, we don't have great visibility into how that operation is structured, but we've seen, for example, like you mentioned, a lot of the ransomware affiliates. We saw, for example, like in the Conti leaks or the Black Basta leaks, you have people who specialize in different things and are talking about how to use different tools at what time; how to get around detections, different types of bypasses. You know, Keith, you mentioned the circumvention and the geofiltering and different IP filtering techniques that are used in this case and also in other phishing operations. There's also malware delivery operations that we've seen, so, you know, there's a lot that kind of goes into that. And it's entirely possible, right, that, you know, for the people that buy these phish kits, sometimes the level of skill needed to deploy phishing kits is quite low. If you have, you know, the sort of email sender infrastructure set up and some of the stuff that you need to actually spam, you don't really need to know the heavy lifting or the functionality of how the tool works, or you don't necessarily need to modify it yourself. It's very much plug-and-play, whereas some of the other more advanced threat actors you see doing the full operation. They have that ability to build the tool, and they're probably not selling it. They're probably using it themselves to further their own sort of objectives. Obviously, that's not every case, but it's kind of interesting, and, you know, if we're talking about sort of the, like, the goal or the objective, right? So again, we don't see that. We see the initial access, right, like the email. So you're providing all this interesting insight from beforehand, like on the dark web, what they're doing and how they're advertising it, what they're selling. But we were able to actually look at a publication from Japan's Financial Services Agency. They published -- it was so funny because we're, like, working on this research, and then someone's like, oh, hey, did you see this? And we're like, definitely not, so thank you to my Japanese-speaking colleagues for flagging this because, of course, all of this, you know, is Japanese language, and we have a few native speakers. I, of course, do not speak Japanese. So I'm not monitoring the Financial Services Agency's press releases, but they did note that there's been a sharp increase in the number of cases of unauthorized access and unauthorized trading on internet trading services using stolen credentials -- stolen consumer information, so login IDs, passwords from fake websites disguised as the websites of real securities companies. So it does look like, you know, they might be selling some access, but they also might be using, you know, this access to conduct fraudulent transactions and to purchase stock in other companies that potentially align with their interests. So yeah, pretty interesting. [ Music ]

 

Keith Mularski: What I thought was very fascinating, too, you know, so you see the Chinese threat actors targeting Japan, and that kind of makes it easy because they're both Sino-genic languages. Sino-genic languages, is that how you say it, Sino-genic languages? So you were talking about pronunciations, Dave, and here we go.

 

Dave Bittner: Gee, I thought I thought you were fluent in like half a dozen languages. Is that incorrect?

 

Keith Mularski: No just Pittsburgh East, Dave.

 

Dave Bittner: Just Pittsburgh East.

 

Keith Mularski: Right.

 

Dave Bittner: Right, right, Yinz get it right.

 

Keith Mularski: But yeah, so, you know, kind of what that tells me is, okay, that's an easy first place to target, but then I would expect to kind of see them targeting more U.S. companies, as well. So I -- we're seeing kind of the emergence of the whole Chinese e-crime organizations, and you know, economic structures there because usually when we're thinking of China, we're thinking of APT threats, but now we're really seeing that move into e-crime and them getting more sophisticated. So, you know, normally we were just -- like what you were saying, Selena. We were seeing you know crude smishing, you know, the pay your toll smishing. You know, them setting up VPN services and things like that. Now, so we're kind of seeing that sophistication move now, which will be a little bit more worrisome because we're always thinking of e-crime actors of like Russia or maybe West African, but now here come the Chinese coming saying, hey, we want to play in that space, too.

 

Selena Larson: Stick around. We'll be right back. [ Music ]

 

Dave Bittner: Does the proliferation of these kits make it more challenging for attribution?

 

Selena Larson: So that's a good question. I have some thoughts, Keith. I don't know if you have -- if you have thoughts, but I would say for the proliferation of the kits, I wouldn't say so, no. So there's a lot of -- there's just so many phishing kits that exist. A lot of them have been around for a really long time. They've just gotten a lot better. In fact, a lot of the phishing kits that we see are actually MFA attacker-in-the-middle types of phishing kits, so your like Tycoon or socket pages, things like that. The thing is, right, so it's kind of like using a tool. So for example --

 

Dave Bittner: So the burglar used a Craftsman tool -- crowbar to break into the building, and --

 

Selena Larson: Yeah, but they still have fingerprints.

 

Dave Bittner: Right. Right.

 

Selena Larson: Yeah, so they're still leaving their fingerprints, but they're using a tool that they bought at the hardware store. So, you know, if they break into a building, maybe they put the crowbar at the top lock as opposed to the bottom lock, or, you know, they went for a window instead of a door, and, you know, once they were inside, they were specifically looking for computers, and a different one might be looking for televisions. So, you know, you have a robber that has their own tricks and techniques and shoes that they wear and, you know, gloves that they wear and stuff that they're stealing, and maybe they eat your chips while they're in your kitchen, and maybe --

 

Dave Bittner: Not your dips, not your dips.

 

Selena Larson: Dips, yes.

 

Dave Bittner: Oh, no. Oh, no. Oh, I don't know what I would do if my dips went missing.

 

Selena Larson: Dave is specifically targeted by threat actors going after gourmet dips.

 

Dave Bittner: Foreshadowing, yeah.

 

Selena Larson: But I would say, yeah. So the kits themselves can be traced back to a kit provider, right? And then you have the distribution, so there's a lot of stuff that you can kind of look at, like spam, how they're doing malspam, the different sender infrastructure that they're using, the actual URLs, the payload URLs, and some of the stuff that's within the full attack chain, and then, of course, the objective. So a lot of times we don't always see the objective, but sometimes we do, and there's actually some really interesting research that was published by Sophos back in April. They were talking about how, for example, a phishing threat actor -- which again, you know, it's something I think that we have to kind of shift our mindset a little bit on, getting away from, like, only malware leads to malware and phishing leads to, like, sort of identity theft -- because in this case, Sophos published this detail about a spear phishing campaign that impersonated ScreenConnect and tried to steal credentials for that tool, and so they were phishing for that tool, and then ultimately, it led to a ransomware infection. So, you know, you can use credentials for a lot of different things, whether it's, you know, fraudulently buying and selling stocks; or, you know, gaining access to then distribute ransomware; or, you know, targeting identities to then pivot within an organization. So there's a lot of, kind of, that interest there. So it's really kind of about the full attack chain and not necessarily the tool that they're using when it comes to attribution -- mostly. Of course, there's, like, you know, back in the days when it was just Poison Ivy used by China, like that was -- that was --

 

Dave Bittner: That made it easy.

 

Selena Larson: Yeah. Speaking of [inaudible 00:21:47]

 

Keith Mularski: Yeah. I think, you know, the interesting thing here is, you know, I think that people should understand is, you know, what started out in Tokyo is not going to stay in Tokyo, so to speak. You know, what we're going to see is the evolution of these threat actors targeting U.S. companies. And I think that, you know, where people have always been focused on e-crime, again, on that, you know, that Russian market and learning about those actors and those TTPs, you know, you're going to be coming -- you're going to be seeing a whole totally different set of TTPs coming at you from -- potentially from Chinese actors. So you've really got to, you know, understand your adversary, you know, and how that's going to pivot and move in the future, for sure. [ Music ]

 

Selena Larson: Yeah, and I would say, too, from the like China malware perspective, so obviously, there's cred phish, but from the malware perspective, there's -- I always love when we're looking at data, and we're looking at, oh, we suspect that this is, you know, potentially Chinese operators, at least they're speaking Chinese, right? These operators that are doing this work, and then you see, oh, this is like a fun new malware, and then it just ends up being like Gh0st RAT in a hat. Like Gh0st RAT has been around for, like, decades at this point, and it was, you know, again, originally used by China APT. And now it's just like all of these different things that are just like Gh0st RAT dressed up in a different outfit.

 

Dave Bittner: Yeah. I love, first of all, I love Gh0st RAT in a hat. Like that should be a -- there's another t-shirt for you or maybe a stuffed animal to give away at the RSA conference.

 

Keith Mularski: Don't like it in a box. Don't like it with a fox, Dave. Yeah. Yeah, but it all, I mean, reminds me of the, you know, when a company gets hit with ransomware or something and the, of course, the first thing that comes out of PR is, you know, these were sophisticated threat actors. This was an international operation. There was no possible way we could have defended ourselves against something of this sophistication and as fully funded as they were, and then every now and then, every now and then, we find out nope. It was a teenager in a basement. [ Laughing ] Just was doing -- just persistent, had nothing better to do that weekend and just banged away at them, and that's sometimes the way the pieces fall, right? [ Music ]

 

Selena Larson: There's more to come after the break. [ Music ]

 

Dave Bittner: All right. Well, I'll tell you what. Let's bring it home here and give our listeners some actionable advice here. I mean, when we're talking about protecting yourselves against this sort of thing, let's go to each of you and talk about recommendations. So you want to lead us off here, Selena?

 

Selena Larson: Sure. Yeah, so when it comes to any type of credential phishing, certainly with CoGUI, but with other types as well, while most of the time we didn't necessarily see CoGUI being MFA aware, it's very, very important to ensure that you do have MFA on everything, and if you can, preferably, something like a FIDO token, right? So, like, a physical key that is responsible for verifying your identity. It is very, like, basically, you know, if it's just SMS, there's ways to get around it. You know, if it's a code that could be potentially socially engineered, or if it's MFA aware, it can steal session cookies. So, you know, having that FIDO token as your reliable second factor, the physical key of some sort, being a defense is very, very useful. Also for organizations, I mean, I know, like, everyone talks about security training, but making sure that people are aware of what it looks like, right? Talking to your team, especially tailoring it for, like, what it's actually going to look like, right? So, you know, the gas gift card would probably, like -- we don't really see that in phishing, but we see, you know, potentially that in training, but that's not, you know, that's not what your employees are probably going to be faced with. It's going to be something that looks like Amazon or looks like, you know, a different brand or company, so really, tailoring a lot of that training and awareness around what's actually impacting your organization. And that's why when we kind of talk about, like, threat-informed defense, that's part of it, right? So knowing what's targeting your organization, knowing what some of these threats are, and being able to both make sure your security teams are aware of it and educating them on best practices: are we defended against this? Of course, you know, from the network security perspective, making sure that you have various rules that are detecting a lot of this stuff and making sure that the endpoints are also, you know, well defended. For example, we threw in some Emerging Threats rules in the blog that detect some of these phish kits, but yeah, I mean, MFA everywhere, preferably not -- preferably a token, like -- [ Music ]

 

Dave Bittner: So Selena didn't leave a whole lot of room for additional things there, Keith.

 

Keith Mularski: No. So and that's fine, but -- so I will close it with this. It's just, you know, we just have to expand our perception of e-crime. We can't throw in these silos of China equals APT; Russia equals e-crime. You know, because that's going to start emerging, and it's just really too simplistic, and it really misses, you know, the real point of everything. And for my law enforcement friends that may be listening here, too, that have always focused on Russia. Now, you know, now you need to, you know, get your Mandarin up to speed. You need to start looking at the Chinese-speaking, you know, Telegram channels and things like that, where, you know, maybe they've been focusing on Russia, because we're going to see this, and we're going to see it a lot more because it's evolving very quickly.

 

Selena Larson: Dave, I feel like one day we should have a -- the great debate of -- Keith you will disagree with me because I think law enforcement has a different view on this, but for most organizations, attribution doesn't matter.

 

Keith Mularski: This should be a big topic. I would love to talk about it because, actually, a CISO just told me two weeks ago. He says, "I don't care about attribution. I just want to stop it." and I was about ready to have a heart attack, so --

 

Dave Bittner: All right. Future episode, friends, future episode. Producer Liz, jot it down, future episode. All right. We're going to leave it there before we come to blows over whether or not attribution is important. Selena, Keith, thank you so much. Great episode, as always. We'll see you guys back here next time.

 

Selena Larson: Go save your dips, Dave.

 

Dave Bittner: I'm going to go save my dips. [ Music ]

 

Selena Larson: And that's Only Malware in the Building, brought to you by N2K CyberWire. In a digital world where malware lurks in the shadows, we bring you the stories and strategies to stay one step ahead of the game. As your trusty digital sleuths, we're unraveling the mysteries of cyber security, always keeping the bad guys one step behind. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you ahead of the ever-evolving world of cyber security. If you like the show, please share a rating and review in your favorite podcast app. This episode was produced by Liz Stokes, mixing and sound design by Tré Hester, with original music by Elliot Peltzman. Our Executive Producer is Jennifer Eiben. Peter Kilpe is our Publisher.

 

Dave Bittner: I'm Dave Bittner.

 

Keith Mularski: I'm Keith Mularski.

 

Selena Larson: And I'm Selena Larson. Thanks for listening. [ Music ] [ Typing ] [ Musical tone ]