Google’s TAG identified a new campaign by the North Korean ARCHIPELAGO threat cluster (aka APT43) targeting U.S. and South Korean governments, think tanks, military personnel, academics, policymakers, and researchers. Most notably, ARCHIPELAGO used fraudulent Google Chrome extensions in combination with phishing and malware to harvest sensitive data.