BROADCASTS.com

DPRK threat actor Kimsuky uses a Chrome extension to exfiltrate emails, while ScarCruft prospects South Korean organizations. Hacktivists' claims of attacks on OT networks may be overstated. Ghostwriter remains active in social engineering attempts to target Ukrainian refugees. Joe Carrigan has cyber crime by the numbers. Our guest is Christian Sorensen from SightGain with analysis of the cyber effects of Russia\u2019s war.\n\nFor links to all of today's stories check out our CyberWire daily news briefing:\nhttps://thecyberwire.com/newsletters/daily-briefing/12/56\n\nSelected reading.\nNorth Korean hackers using Chrome extensions to steal Gmail emails (BleepingComputer)\nJoint Cyber Security Advisory (Korean) (BundesamtfuerVerfassungsschutz)\nNorth Korean APT group \u2018Kimsuky\u2019 targeting experts with new spearphishing campaign (Record)\nScarCruft's Evolving Arsenal: Researchers Reveal New Malware Distribution Techniques (The Hacker News)\nThe Unintentional Leak: A glimpse into the attack vectors of APT37 (Zscaler)\nCHM Malware Disguised as Security Email from a Korean Financial Company: Redeyes (Scarcruft) (ASEC BLOG)\xa0\nA Propaganda Group is Using Fake Emails to Target Ukrainian Refugees (Bloomberg)\xa0\nWe (Did!) Start the Fire: Hacktivists Increasingly Claim Targeting of OT Systems | Mandiant (Mandiant)\nFact or fiction, hacktivists' claims of industrial sabotage in Russia or Ukraine get attention online (CyberScoop)\nThe 5\xd75\u2014Conflict in Ukraine's information environment (Atlantic Council)\nHow the Russia-Ukraine conflict has impacted cyber-warfare (teiss)\nCommonMagic APT gang attacking organisations in Ukraine (Tech Monitor)\nLearn more about your ad choices. Visit megaphone.fm/adchoices