New North Korean Hacker Group ‘Moonstone Sleet’ Revealed by Microsoft

North Korean Threat Actor Moonstone Sleet Behind Cyber Attacks Targeting Software and IT Sector

A new North Korean threat actor, codenamed Moonstone Sleet, has emerged, targeting individuals and organizations in the software, education, and defense sectors with ransomware and bespoke malware similar to that of the Lazarus Group. Moonstone Sleet's tactics include setting up fake companies, employing trojanized versions of legitimate tools, and creating malicious games to infiltrate targets.

Microsoft’s Threat Intelligence team identified Moonstone Sleet as a state-aligned group that borrows tactics from other North Korean threat actors, such as Lazarus, but also has attack methodologies of its own. The group has been observed using code from known malware like Comebacker, as well as trojanized builds of PuTTY, to infiltrate systems and execute payloads received from command-and-control servers.

In addition to using malicious software, Moonstone Sleet pursues employment in legitimate software development positions to generate revenue for North Korea or gain access to organizations. The group has been observed sending trojanized PuTTY executables via LinkedIn and Telegram, as well as distributing malicious npm packages through messaging platforms.

Moonstone Sleet has also been linked to the creation of fake companies, such as C.C. Waterfall and StarGlow Ventures, to engage with targets through email and social engineering campaigns. The group recently deployed a custom ransomware variant called FakePenny against a defense technology company, demanding a $6.6 million ransom in Bitcoin.

As the threat from Moonstone Sleet grows, Microsoft is urging software companies to be vigilant against supply chain attacks and to enhance their security measures against this emerging threat actor. The disclosure comes amid South Korea’s accusations that North Korea, particularly the Lazarus Group, stole data and documents from a court network.
