CyberSecurityBoard
Sponsor Register Login

Microsoft: North Korean hackers join Qilin ransomware gang

Microsoft says Moonstone Sleet hackers are targeting both financial and cyberespionage targets using trojanized software (e.g., PuTTY), custom malware loaders, malicious games and npm packages, and fake software development companies (e.g., C.C. Waterfall, StarGlow Ventures) set up to interact with potential victims on LinkedIn, various freelancing networks, Telegram, or via email. Microsoft says a North Korean hacking group tracked as Moonstone Sleet has deployed Qilin ransomware payloads in a limited number of recent attacks. Years later, in July 2022, Microsoft and the FBI linked North Korean hackers to the Holy Ghost ransomware operation and Maui ransomware attacks targeting healthcare orgs. Moonstone Sleet is not the first North Korean-backed threat group linked to ransomware attacks in recent years. In May 2024, Microsoft also linked Moonstone Sleet to a custom FakePenny ransomware variant. Previously tracked as Storm-1789, this threat group's activity initially overlapped with other North Korean attackers like Diamond Sleet and Onyx Sleet. Qilin has claimed over 310 victims since it emerged, including automotive giant Yangfeng, American newspaper publisher Lee Enterprises, Australia's Court Services Victoria, and pathology services provider Synnovis. After a successful FakePenny ransomware attack, the North Korean hackers were observed asking for a ransom demand of $6.6 million in BTC. Since it surfaced in August 2022 under the "Agenda" name, the Qilin ransomware gang has claimed over 300 victims on its dark web leak site.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Fri, 07 Mar 2025 12:15:08 +0000


Cyber News related to Microsoft: North Korean hackers join Qilin ransomware gang

Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks - Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet, that uses both a combination of many tried-and-true techniques used by other North Korean threat actors and unique attack methodologies to target companies for ...
1 year ago Microsoft.com
10 Best Ransomware Protection Tools - 2025 - It protects devices from ransomware and other cyber threats using advanced threat intelligence, behavioral analysis, and cloud-based technology. It monitors and prevents ransomware assaults on personal files and automatically restores encrypted ...
3 months ago Cybersecuritynews.com
North Korea's state hackers stole $3 billion in crypto since 2017 - North Korean-backed state hackers have stolen an estimated $3 billion in a long string of hacks targeting the cryptocurrency industry over the last six years since January 2017. Kimsuky, Lazarus Group, Andariel, and other North Korean hacking groups ...
1 year ago Bleepingcomputer.com Andariel Kimsuky Lazarus Group
Microsoft: North Korean hackers join Qilin ransomware gang - Microsoft says Moonstone Sleet hackers are targeting both financial and cyberespionage targets using trojanized software (e.g., PuTTY), custom malware loaders, malicious games and npm packages, and fake software development companies (e.g., C.C. ...
2 months ago Bleepingcomputer.com Qilin
10 Best Ransomware File Decryptor Tools in 2025 - Kaspersky Rakhni Decryptor contains different decryption tools based on various versions of Rakhni ransomware and helps you decrypt encrypted files on your system. PyLocky Ransomware Decryption Tool is a free and open source developed and released by ...
1 month ago Cybersecuritynews.com
North Korean IT worker scam is now a threat to all companies, cybersecurity experts say | The Record from Recorded Future News - Since disruptions began last year and law enforcement has publicly warned companies of the practice, DTEX’s Barnhart and others said they have seen some workers try to extort companies or hand off their access to more sophisticated North Korean ...
4 weeks ago Therecord.media
North Korean Hackers Use Fake Job Offers & Salary Bumps as Lure for Crypto Theft - Recent investigations have uncovered a massive operation carried out by North Korean hackers looking to steal cryptocurrency through fake job offers and salary bumps. According to recent reports, hackers have been able to trace the malicious ...
2 years ago Therecord.media
North Korean Hackers Utilizing Credential Stuffing to Launch Cyberattacks - In an alarming new report, researchers found that North Korean-linked hackers have been using stolen passwords during cyberattacks to gain access to various government, military and financial networks. According to security experts, the creative ...
2 years ago Thehackernews.com
Microsoft links North Korean hackers to new FakePenny ransomware - Microsoft has linked a North Korean hacking group it tracks as Moonstone Sleet to FakePenny ransomware attacks, which have led to millions of dollars in ransom demands. While this threat group's tactics, techniques, and procedures largely overlapped ...
1 year ago Bleepingcomputer.com Kimsuky Lazarus Group LockBit Ransomhub
Reserachers Uncovered North Korean Nationals Remote IT Worker Fraud Scheme - In a significant cybersecurity investigation, researchers have revealed an elaborate fraud scheme orchestrated by North Korean nationals who used stolen identities to secure remote IT positions at US-based companies and nonprofits. The operation ...
2 weeks ago Cybersecuritynews.com
Linux version of Qilin ransomware focuses on VMware ESXi - A sample of the Qilin ransomware gang's VMware ESXi encryptor has been found and it could be one of the most advanced and customizable Linux encryptors seen to date. Due to this adoption, almost all ransomware gangs have created dedicated VMware ESXi ...
1 year ago Bleepingcomputer.com Qilin
US govt sanctions North Korea's Kimsuky hacking group - The Treasury Department's Office of Foreign Assets Control has sanctioned the North Korean-backed Kimsuky hacking group for stealing intelligence in support of the country's strategic goals. OFAC has also sanctioned eight North Korean agents for ...
1 year ago Bleepingcomputer.com Andariel Kimsuky
Qilin ransomware claims attack on automotive giant Yanfeng - The Qilin ransomware group has claimed responsibility for a cyber attack on Yanfeng Automotive Interiors, one of the world's largest automotive parts suppliers. Yanfeng is a Chinese automotive parts developer and manufacturer focused on interior ...
1 year ago Bleepingcomputer.com Qilin Black Basta
North Korean IT worker army expands operations in Europe - GTIG's report follows multiple warnings issued by the FBI regarding North Korea's massive army of IT workers sent abroad to generate revenue, who have tricked hundreds of companies in the United States and worldwide into hiring them over the years. ...
1 month ago Bleepingcomputer.com
State-Sponsored APT Groups Use Ransomware Tactics for Intelligence Gathering and Sabotage - State-sponsored threat groups are increasingly using ransomware-like tactics to hide more insidious activities. Russian APT group Sandworm has used ransomware programs to destroy data multiple times in the past six months, while North Korea's Lazarus ...
2 years ago Csoonline.com Andariel APT3 APT37 APT38 Kimsuky Lazarus Group BianLian
Woman Accused of Helping North Korean IT Workers Infiltrate Hundreds of US Firms - The US government has announced charges, seizures, arrests and rewards as part of an effort to disrupt a scheme in which North Korean IT workers infiltrated hundreds of companies and earned millions of dollars for North Korea. According to the ...
1 year ago Securityweek.com
Latest Information Security and Hacking Incidents - The ransomware strain Qilin has surfaced as a new danger to computers using VMware ESXi, which is a recent development in the cryptocurrency space. Concerned observers have expressed concern over the fact that this Qilin Linux version exhibits a ...
1 year ago Cysecurity.news Qilin
North Korean Hackers Stole $600m in Crypto in 2023 - North Korean hackers stole at least $600m in cryptocurrency in 2023, around a third of the total value of such heists, according to blockchain intelligence firm TRM. Despite the eye-watering sum, this figure represents a 30% reduction on ...
1 year ago Infosecurity-magazine.com
macOS Malware Mix & Match: North Korean APTs Stir Up Fresh Attacks - North Korean advanced persistent threat groups are mixing and matching components of two recently unleashed types of Mac-targeted malware to evade detection and fly under the radar as they continue their efforts to conduct operations at the behest of ...
1 year ago Darkreading.com
North Korea's Kimsuky Attacks Rivals' Trusted Platforms - North Korea-linked threat groups are increasingly using living-off-the-land (LotL) techniques and trusted services to evade detection, with a recent Kimsuky campaign showcasing the use of PowerShell scripts and storing data in Dropbox folders, along ...
3 months ago Darkreading.com Andariel Kimsuky
Qilin Has Emerged as The Top Ransomware Group in April with 74 Cyber Attacks - In a significant shift within the cybercriminal ecosystem, Qilin ransomware group has surged to prominence in April 2025, orchestrating 74 cyber attacks globally according to the latest threat intelligence report. This dramatic rise follows the ...
3 weeks ago Cybersecuritynews.com Ransomhub Qilin
Microsoft: BlueNoroff hackers plan new crypto-theft attacks - Microsoft warns that the BlueNoroff North Korean hacking group is setting up new attack infrastructure for upcoming social engineering campaigns on LinkedIn. This financially motivated threat group also has a documented history of cryptocurrency ...
1 year ago Bleepingcomputer.com
FBI Charges North Korean Hackers Over $100 Million Stolen in Crypto Hack - The FBI has recently charged a North Korean hacker in connection with the Harmony crypto hack from which the hacker allegedly stole over $100 million. The hacker, Jon Chang Hyok, is a member of the North Korean military intelligence agency, the ...
2 years ago Bleepingcomputer.com
North Korean hackers exploit critical TeamCity flaw to breach networks - Microsoft says that the North Korean Lazarus and Andariel hacking groups are exploiting the CVE-2023-42793 flaw in TeamCity servers to deploy backdoor malware, likely to conduct software supply chain attacks. In September, TeamCity fixed a critical ...
1 year ago Bleepingcomputer.com CVE-2023-42793 Andariel
US seizes Sinbad crypto mixer used by North Korean Lazarus hackers - The U.S. Department of the Treasury has sanctioned the Sinbad cryptocurrency mixing service for its use as a money-laundering tool by the North Korean Lazarus hacking group. A cryptocurrency mixer is a server that allows people to deposit crypto, ...
1 year ago Bleepingcomputer.com Lazarus Group

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)