North Korea building cash reserves using ransomware, video games

May 29, 2024 at 09:07AM

A new cybercrime group named “Moonstone Sleet,” associated with North Korea and tracked by Microsoft, deceives targets with fake job offers to distribute malware and ransomware for financial gain. The group deployed trojanized software via LinkedIn, Telegram, and freelancing platforms, and has been linked to the deployment of a new ransomware strain called FakePenny. Microsoft notes Moonstone Sleet’s evolving tactics and their potential expansion beyond financial gain.

Summary:

– A new cybercrime group, “Moonstone Sleet,” linked to North Korea, is using fake job opportunities to launch malware and ransomware for financial gain.
– Moonstone Sleet has been active since at least August 2023 and deploys trojanized versions of PuTTY and SumatraPDF via platforms like LinkedIn, Telegram, and freelancing websites.
– The group is also responsible for a new ransomware strain called FakePenny, with recent attacks targeting a defense technology company.
– Microsoft notes an increase in ransom demands from North Korean ransomware strains, with FakePenny demanding $6.6 million, more aligned with commercial ransomware markets.
– North Korea is deploying IT experts, mainly across Asia, to apply for tech roles in North America and Europe, aiming to extract funds from the US and its allies’ economies.
– The group has been using tactics such as setting up fake companies and applying for software development positions to gain initial access into targeted organizations.
– Moonstone Sleet’s diversification in tactics is notable and suggests an expansion of capabilities to enable disruptive operations.
