IcedID is evolving away from its banking malware roots. An Emotet phishing campaign spoofs IRS W9s. The FBI warns of BEC scams. A Fake booter service as a law enforcement honeypot. Phishing in China's nuclear energy sector. Reports of an OpenAI and a ChatGPT data leak. Does Iran receive Russian support in cyberattacks against Albania? My conversation with Linda Gray Martin and Britta Glade from RSAC with a preview of this year's conference. Our own Rick Howard takes a field trip to the National Cryptologic Museum. And De-anonymizing Telegram.

For links to all of today's stories check out our CyberWire daily news briefing:

https://thecyberwire.com/newsletters/daily-briefing/12/58

Selected reading.

Fork in the Ice: The New Era of IcedID (Proofpoint)

Emotet malware distributed as fake W-9 tax forms from the IRS (BleepingComputer)

Internet Crime Complaint Center (IC3) | Business Email Compromise Tactics Used to Facilitate the Acquisition of Commodities and Defrauding Vendors (IC3)

Phishing Campaign Targets Chinese Nuclear Energy Industry (Intezer) 

'Bitter' espionage hackers target Chinese nuclear energy orgs (BleepingComputer)

UK Sets Up Fake DDoS-for-Hire Sites to Trap Hackers (PCMag Middle East)

UK National Crime Agency reveals it ran fake DDoS-for-hire sites to collect users’ data (Record)

OpenAI: ChatGPT payment data leak caused by open-source bug (BleepingComputer)

OpenAI says a bug leaked sensitive ChatGPT user data (Engadget)

March 20 ChatGPT outage: Here’s what happened (OpenAI)

How Albania Became a Target for Cyberattacks (Foreign Policy) 

Russia’s Rostec allegedly can de-anonymize Telegram users (BleepingComputer)

Learn more about your ad choices. Visit megaphone.fm/adchoices