Unmasking Moonstone Sleet: A Deep Dive into North Korea's Latest Cyber Threat

Moonstone Sleet: A New North Korean Threat Actor

Microsoft discovered a new North Korean threat actor, Moonstone Sleet, which targets companies with a combination of tried-and-true techniques used by other North Korean threat actors and its own unique attack methodologies, for financial gain and cyber espionage.
Moonstone Sleet has been observed setting up fake companies and job opportunities to engage with potential targets, using trojanized versions of legitimate tools, developing a fully functional malicious game, and delivering a new custom ransomware.

About Moonstone Sleet

Moonstone Sleet is the threat actor behind a series of malicious activities that Microsoft believes is North Korean state-aligned.
It combines tried-and-true techniques used by other North Korean threat actors with novel attack methodologies.
When Microsoft first discovered Moonstone Sleet activity, the actor showed strong similarities to Diamond Sleet, reusing code from known Diamond Sleet malware such as Comebacker and employing well-established Diamond Sleet techniques to gain access to organizations, such as using social media to deliver trojanized software.
Moonstone Sleet then swiftly adopted its own infrastructure and attacks.
Microsoft has since observed Moonstone Sleet and Diamond Sleet operating concurrently, with Diamond Sleet continuing to use much of its well-known, established tradecraft.
Moonstone Sleet runs a diverse set of operations that serve its financial and cyber espionage goals.
These include delivering custom ransomware, building a malicious game, establishing bogus firms, and employing IT personnel.

Financial Gain: Moonstone Sleet primarily targets financial institutions, seeking monetary gains through cybercrime. Their deceptive tactics make it challenging to detect their presence until it's too late.

Cyber Espionage: Beyond financial motives, Moonstone Sleet engages in cyber espionage. They aim to steal sensitive data, trade secrets, and intellectual property, posing a significant risk to organizations.

Overlapping TTPs: Moonstone Sleet's TTPs overlap with those of other North Korean threat actors. Organizations must recognize these patterns and enhance their defenses accordingly.

This Cyber News was published on www.cysecurity.news. Publication date: Sat, 01 Jun 2024 13:43:05 +0000

