CyberSecurityBoard
Sponsor Register Login

New North Korean Moonstone Sleet Employs Creative Tactics To Deploy Custom Ransomware

The group has deployed an advanced custom ransomware strain targeting financial institutions and cryptocurrency exchanges across Southeast Asia and Europe, demonstrating evolving technical capabilities and evasion techniques not previously observed in North Korean cyber operations. Unlike previous North Korean ransomware operations, Moonstone Sleet demonstrates a sophisticated understanding of enterprise security architectures and implements countermeasures specifically designed to bypass modern endpoint protection platforms. Attribution to North Korea stems from code similarities with previously documented DPRK operations, shared command infrastructure with known North Korean campaigns, and targeting patterns consistent with Pyongyang’s financial motivations. Network defenders have identified several command and control servers hosted on compromised infrastructure across Eastern Europe and Southeast Asia, with traffic routed through multiple proxies to obscure the attackers’ true location. Organizations are advised to implement robust email filtering, maintain regular offline backups, deploy application control solutions, and monitor for indicators of compromise which security vendors have begun distributing through standard threat intelligence channels. Additionally, the ransomware contains timing checks that prevent execution during working hours in the UTC+9 time zone, a common trait in North Korean malware. Moonstone Sleet, believed to operate under the umbrella of North Korea’s Reconnaissance General Bureau, has developed a multi-stage infection chain that begins with targeted spear-phishing emails containing seemingly benign PDF attachments. The ransomware communicates with command and control servers through a custom protocol that mimics legitimate HTTPS traffic, but embeds commands within seemingly normal web requests. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. The infrastructure demonstrates sophisticated operational security measures including rapid server rotation and geofenced access controls that trigger self-destruction if accessed from unauthorized IP ranges.

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 10 Mar 2025 08:00:08 +0000


Cyber News related to New North Korean Moonstone Sleet Employs Creative Tactics To Deploy Custom Ransomware

Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks - Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet, that uses both a combination of many tried-and-true techniques used by other North Korean threat actors and unique attack methodologies to target companies for ...
1 year ago Microsoft.com
Unmasking Moonstone Sleet: A Deep Dive into North Korea's Latest Cyber Threat - Moonstone Sleet: A New North Korean Threat Actor Microsoft discovered a new North Korean threat actor, Moonstone Sleet, who targets companies with a combination of tried-and-true techniques used by other North Korean threat actors as well as unique ...
1 year ago Cysecurity.news
Microsoft links North Korean hackers to new FakePenny ransomware - Microsoft has linked a North Korean hacking group it tracks as Moonstone Sleet to FakePenny ransomware attacks, which have led to millions of dollars in ransom demands. While this threat group's tactics, techniques, and procedures largely overlapped ...
1 year ago Bleepingcomputer.com Kimsuky Lazarus Group LockBit Ransomhub
Microsoft: 'Moonstone Sleet' APT Melds Espionage, Financial Goals - Researchers at Microsoft have identified a North Korean threat group carrying out espionage and financial cyberattacks concurrently, using a grab bag of different attack techniques against aerospace, education, and software organizations and ...
1 year ago Darkreading.com
Microsoft: North Korean hackers join Qilin ransomware gang - Microsoft says Moonstone Sleet hackers are targeting both financial and cyberespionage targets using trojanized software (e.g., PuTTY), custom malware loaders, malicious games and npm packages, and fake software development companies (e.g., C.C. ...
3 months ago Bleepingcomputer.com Qilin
10 Best Ransomware Protection Tools - 2025 - It protects devices from ransomware and other cyber threats using advanced threat intelligence, behavioral analysis, and cloud-based technology. It monitors and prevents ransomware assaults on personal files and automatically restores encrypted ...
3 months ago Cybersecuritynews.com
New North Korean Moonstone Sleet Employs Creative Tactics To Deploy Custom Ransomware - The group has deployed an advanced custom ransomware strain targeting financial institutions and cryptocurrency exchanges across Southeast Asia and Europe, demonstrating evolving technical capabilities and evasion techniques not previously observed ...
3 months ago Cybersecuritynews.com
10 Best Ransomware File Decryptor Tools in 2025 - Kaspersky Rakhni Decryptor contains different decryption tools based on various versions of Rakhni ransomware and helps you decrypt encrypted files on your system. PyLocky Ransomware Decryption Tool is a free and open source developed and released by ...
2 months ago Cybersecuritynews.com
North Korea's state hackers stole $3 billion in crypto since 2017 - North Korean-backed state hackers have stolen an estimated $3 billion in a long string of hacks targeting the cryptocurrency industry over the last six years since January 2017. Kimsuky, Lazarus Group, Andariel, and other North Korean hacking groups ...
1 year ago Bleepingcomputer.com Andariel Kimsuky Lazarus Group
Microsoft uncovers North Korea Moonstone Sleet - Microsoft Threat Intelligence teams recently uncovered a novel collective of hackers known as Moonstone Sleet, also identified as Storm-1789. This group has been engaging in a variety of tactics aimed at maintaining their activity and funding the ...
1 year ago Cybersecurity-insiders.com
North Korean IT worker scam is now a threat to all companies, cybersecurity experts say | The Record from Recorded Future News - Since disruptions began last year and law enforcement has publicly warned companies of the practice, DTEX’s Barnhart and others said they have seen some workers try to extort companies or hand off their access to more sophisticated North Korean ...
1 month ago Therecord.media
Moonstone Sleet: A new North Korean threat actor - Microsoft has named yet another state-aligned threat actor: Moonstone Sleet, which engages in cyberespionage and ransomware attacks to further goals of the North Korean regime. Delivered a trojanized version of PuTTY via LinkedIn, Telegram, and ...
1 year ago Helpnetsecurity.com
macOS Malware Mix & Match: North Korean APTs Stir Up Fresh Attacks - North Korean advanced persistent threat groups are mixing and matching components of two recently unleashed types of Mac-targeted malware to evade detection and fly under the radar as they continue their efforts to conduct operations at the behest of ...
1 year ago Darkreading.com
State-Sponsored APT Groups Use Ransomware Tactics for Intelligence Gathering and Sabotage - State-sponsored threat groups are increasingly using ransomware-like tactics to hide more insidious activities. Russian APT group Sandworm has used ransomware programs to destroy data multiple times in the past six months, while North Korea's Lazarus ...
2 years ago Csoonline.com Andariel APT3 APT37 APT38 Kimsuky Lazarus Group BianLian
North Korean Hackers Use Fake Job Offers & Salary Bumps as Lure for Crypto Theft - Recent investigations have uncovered a massive operation carried out by North Korean hackers looking to steal cryptocurrency through fake job offers and salary bumps. According to recent reports, hackers have been able to trace the malicious ...
2 years ago Therecord.media
Lazarus Group is No Longer Consider a Single APT Group, But Collection of Many Sub Groups - The cybersecurity landscape is witnessing a growing complexity in the attribution of Advanced Persistent Threat (APT) actors, particularly the North Korean-linked Lazarus group. For instance, Bureau325 and APT43 have been identified as entities that ...
2 months ago Cybersecuritynews.com Kimsuky Lazarus Group
Reserachers Uncovered North Korean Nationals Remote IT Worker Fraud Scheme - In a significant cybersecurity investigation, researchers have revealed an elaborate fraud scheme orchestrated by North Korean nationals who used stolen identities to secure remote IT positions at US-based companies and nonprofits. The operation ...
1 month ago Cybersecuritynews.com
North Korean Hackers Utilizing Credential Stuffing to Launch Cyberattacks - In an alarming new report, researchers found that North Korean-linked hackers have been using stolen passwords during cyberattacks to gain access to various government, military and financial networks. According to security experts, the creative ...
2 years ago Thehackernews.com
US govt sanctions North Korea's Kimsuky hacking group - The Treasury Department's Office of Foreign Assets Control has sanctioned the North Korean-backed Kimsuky hacking group for stealing intelligence in support of the country's strategic goals. OFAC has also sanctioned eight North Korean agents for ...
1 year ago Bleepingcomputer.com Andariel Kimsuky
North Korean IT worker army expands operations in Europe - GTIG's report follows multiple warnings issued by the FBI regarding North Korea's massive army of IT workers sent abroad to generate revenue, who have tricked hundreds of companies in the United States and worldwide into hiring them over the years. ...
2 months ago Bleepingcomputer.com
North Korea's Kimsuky Attacks Rivals' Trusted Platforms - North Korea-linked threat groups are increasingly using living-off-the-land (LotL) techniques and trusted services to evade detection, with a recent Kimsuky campaign showcasing the use of PowerShell scripts and storing data in Dropbox folders, along ...
4 months ago Darkreading.com Andariel Kimsuky
Microsoft: BlueNoroff hackers plan new crypto-theft attacks - Microsoft warns that the BlueNoroff North Korean hacking group is setting up new attack infrastructure for upcoming social engineering campaigns on LinkedIn. This financially motivated threat group also has a documented history of cryptocurrency ...
1 year ago Bleepingcomputer.com
Woman Accused of Helping North Korean IT Workers Infiltrate Hundreds of US Firms - The US government has announced charges, seizures, arrests and rewards as part of an effort to disrupt a scheme in which North Korean IT workers infiltrated hundreds of companies and earned millions of dollars for North Korea. According to the ...
1 year ago Securityweek.com
North Korean hackers exploit critical TeamCity flaw to breach networks - Microsoft says that the North Korean Lazarus and Andariel hacking groups are exploiting the CVE-2023-42793 flaw in TeamCity servers to deploy backdoor malware, likely to conduct software supply chain attacks. In September, TeamCity fixed a critical ...
1 year ago Bleepingcomputer.com CVE-2023-42793 Andariel
The Week in Ransomware - Governments struck back this week against members of ransomware operations, imposing sanctions on one threat actor and sentencing another to prison. On Tuesday, the Australian, US, and UK governments announced sanctions against Aleksandr Gennadievich ...
1 year ago Bleepingcomputer.com LockBit BianLian Akira Cactus

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)