CyberSecurityBoard
Sponsor Register Login

Moonstone Sleet: A new North Korean threat actor

Microsoft has named yet another state-aligned threat actor: Moonstone Sleet, which engages in cyberespionage and ransomware attacks to further goals of the North Korean regime.
Delivered a trojanized version of PuTTY via LinkedIn, Telegram, and developer freelancing platforms to saddle victims with custom malware loaders.
Used malicious npm packages to deliver malicious payloads Delivered a custom ransomware variant to a company it previously compromised, and asked for $6.6M in BTC to decrypt files.
They used tracking pixels and a dummy unsubscribe page to confirm which targets engaged with the emails.
Moonstone Sleet emails a link to the DeTankWar game.
The linked executable included malicious DLLs that deliver a custom malware loader, which loads malicious payloads in memory and creates malicious services for network and user discovery and browser data collection.
Finally, the group also tried to get employed as software developers at multiple legitimate companies.
This type of access could be used to mount software supply chain attacks.
The group has been spotted targeting a company that makes drone technology and another one that makes aircraft parts, a defense technology company, and organizations in the software/IT and education sectors.
Microsoft has shared recommendations, indicators of compromise and hunting queries organizations can use to mitigate the threat of a Moonstone Sleet attack or to spot evidence of a successful one.


This Cyber News was published on www.helpnetsecurity.com. Publication date: Wed, 29 May 2024 13:13:06 +0000


Cyber News related to Moonstone Sleet: A new North Korean threat actor

Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks - Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet, that uses both a combination of many tried-and-true techniques used by other North Korean threat actors and unique attack methodologies to target companies for ...
10 months ago Microsoft.com
Unmasking Moonstone Sleet: A Deep Dive into North Korea's Latest Cyber Threat - Moonstone Sleet: A New North Korean Threat Actor Microsoft discovered a new North Korean threat actor, Moonstone Sleet, who targets companies with a combination of tried-and-true techniques used by other North Korean threat actors as well as unique ...
10 months ago Cysecurity.news
Microsoft: 'Moonstone Sleet' APT Melds Espionage, Financial Goals - Researchers at Microsoft have identified a North Korean threat group carrying out espionage and financial cyberattacks concurrently, using a grab bag of different attack techniques against aerospace, education, and software organizations and ...
10 months ago Darkreading.com
Microsoft links North Korean hackers to new FakePenny ransomware - Microsoft has linked a North Korean hacking group it tracks as Moonstone Sleet to FakePenny ransomware attacks, which have led to millions of dollars in ransom demands. While this threat group's tactics, techniques, and procedures largely overlapped ...
10 months ago Bleepingcomputer.com Kimsuky Lazarus Group LockBit Ransomhub
Microsoft: North Korean hackers join Qilin ransomware gang - Microsoft says Moonstone Sleet hackers are targeting both financial and cyberespionage targets using trojanized software (e.g., PuTTY), custom malware loaders, malicious games and npm packages, and fake software development companies (e.g., C.C. ...
1 month ago Bleepingcomputer.com Qilin
New North Korean Moonstone Sleet Employs Creative Tactics To Deploy Custom Ransomware - The group has deployed an advanced custom ransomware strain targeting financial institutions and cryptocurrency exchanges across Southeast Asia and Europe, demonstrating evolving technical capabilities and evasion techniques not previously observed ...
1 month ago Cybersecuritynews.com
North Korea's state hackers stole $3 billion in crypto since 2017 - North Korean-backed state hackers have stolen an estimated $3 billion in a long string of hacks targeting the cryptocurrency industry over the last six years since January 2017. Kimsuky, Lazarus Group, Andariel, and other North Korean hacking groups ...
1 year ago Bleepingcomputer.com Andariel Kimsuky Lazarus Group
Moonstone Sleet: A new North Korean threat actor - Microsoft has named yet another state-aligned threat actor: Moonstone Sleet, which engages in cyberespionage and ransomware attacks to further goals of the North Korean regime. Delivered a trojanized version of PuTTY via LinkedIn, Telegram, and ...
10 months ago Helpnetsecurity.com
Microsoft uncovers North Korea Moonstone Sleet - Microsoft Threat Intelligence teams recently uncovered a novel collective of hackers known as Moonstone Sleet, also identified as Storm-1789. This group has been engaging in a variety of tactics aimed at maintaining their activity and funding the ...
10 months ago Cybersecurity-insiders.com
macOS Malware Mix & Match: North Korean APTs Stir Up Fresh Attacks - North Korean advanced persistent threat groups are mixing and matching components of two recently unleashed types of Mac-targeted malware to evade detection and fly under the radar as they continue their efforts to conduct operations at the behest of ...
1 year ago Darkreading.com
North Korea's Kimsuky Attacks Rivals' Trusted Platforms - North Korea-linked threat groups are increasingly using living-off-the-land (LotL) techniques and trusted services to evade detection, with a recent Kimsuky campaign showcasing the use of PowerShell scripts and storing data in Dropbox folders, along ...
2 months ago Darkreading.com Andariel Kimsuky
Microsoft: BlueNoroff hackers plan new crypto-theft attacks - Microsoft warns that the BlueNoroff North Korean hacking group is setting up new attack infrastructure for upcoming social engineering campaigns on LinkedIn. This financially motivated threat group also has a documented history of cryptocurrency ...
1 year ago Bleepingcomputer.com
US govt sanctions North Korea's Kimsuky hacking group - The Treasury Department's Office of Foreign Assets Control has sanctioned the North Korean-backed Kimsuky hacking group for stealing intelligence in support of the country's strategic goals. OFAC has also sanctioned eight North Korean agents for ...
1 year ago Bleepingcomputer.com Andariel Kimsuky
North Korean Hackers Use Fake Job Offers & Salary Bumps as Lure for Crypto Theft - Recent investigations have uncovered a massive operation carried out by North Korean hackers looking to steal cryptocurrency through fake job offers and salary bumps. According to recent reports, hackers have been able to trace the malicious ...
2 years ago Therecord.media
Lazarus Group is No Longer Consider a Single APT Group, But Collection of Many Sub Groups - The cybersecurity landscape is witnessing a growing complexity in the attribution of Advanced Persistent Threat (APT) actors, particularly the North Korean-linked Lazarus group. For instance, Bureau325 and APT43 have been identified as entities that ...
2 weeks ago Cybersecuritynews.com Kimsuky Lazarus Group
North Korean IT worker army expands operations in Europe - GTIG's report follows multiple warnings issued by the FBI regarding North Korea's massive army of IT workers sent abroad to generate revenue, who have tricked hundreds of companies in the United States and worldwide into hiring them over the years. ...
2 weeks ago Bleepingcomputer.com
North Korean Hackers Utilizing Credential Stuffing to Launch Cyberattacks - In an alarming new report, researchers found that North Korean-linked hackers have been using stolen passwords during cyberattacks to gain access to various government, military and financial networks. According to security experts, the creative ...
2 years ago Thehackernews.com
Woman Accused of Helping North Korean IT Workers Infiltrate Hundreds of US Firms - The US government has announced charges, seizures, arrests and rewards as part of an effort to disrupt a scheme in which North Korean IT workers infiltrated hundreds of companies and earned millions of dollars for North Korea. According to the ...
11 months ago Securityweek.com
TeamCity Intrusion Saga: APT29 Suspected Among the Attackers Exploiting CVE-2023-42793 - As part of this analysis, we look at threat actor TTPs employed throughout the intrusion and how they were identified and pieced together by the FortiGuard IR team. The following section of this report focuses on the activities of one of these threat ...
1 year ago Feeds.fortinet.com CVE-2023-42793 APT29
Lets Open(Dir) Some Presents: An Analysis of a Persistent Actor's Activity - By analyzing tools, logs and artifacts left open to the internet, we were able to profile the threat actor and their victims. After analyzing the artifacts we can conclude with moderate confidence that the majority of the threat actor activity ...
1 year ago Thedfirreport.com
Microsoft: Lazarus hackers breach CyberLink in supply chain attack - Microsoft says a North Korean hacking group has breached Taiwanese multimedia software company CyberLink and trojanized one of its installers to push malware in a supply chain attack targeting potential victims worldwide. According to Microsoft ...
1 year ago Bleepingcomputer.com Lazarus Group
FBI Charges North Korean Hackers Over $100 Million Stolen in Crypto Hack - The FBI has recently charged a North Korean hacker in connection with the Harmony crypto hack from which the hacker allegedly stole over $100 million. The hacker, Jon Chang Hyok, is a member of the North Korean military intelligence agency, the ...
2 years ago Bleepingcomputer.com
Experts from the United Nations Report North Korean Hackers Have Taken a Large Amount of Digital Assets - Last year, North Korean hackers working for the government stole a record-breaking amount of virtual assets estimated to be worth between $630 million and more than $1 billion, according to a new report from U.N. experts. The panel of experts said ...
2 years ago Securityweek.com Andariel Kimsuky Lazarus Group Rocke
Windows Incident Response: Human Behavior In Digital Forensics, pt III - Digital forensics can provide us insight into a threat actor's sophistication and situational awareness, which can, in turn, help us understand their intent. Observing the threat actor's actions helps us understand not just their intent, but what ...
1 year ago Windowsir.blogspot.com
North Korea's ScarCruft Attackers Gear Up to Target Cybersecurity Pros - ScarCruft, the North Korea-sponsored advanced persistent threat group, is gearing up for targeted attacks on cybersecurity researchers and other members of the threat intelligence community - likely in a bid to steal nonpublic threat intel and ...
1 year ago Darkreading.com Kimsuky

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)