May 29, 2024 at 08:12AM
Microsoft reports a new North Korean threat actor, Moonstone Sleet, targeting education, defense, and IT for espionage and revenue. The group combines tactics of other North Korean actors with unique methods, using fake companies and job opportunities to engage potential targets, employing trojanized tools, launching a custom ransomware, and engaging in expansive operations.
The new North Korean threat actor, known as Moonstone Sleet, has been targeting various sectors, including education, the defense industrial base, and software and IT organizations, for purposes of espionage and revenue generation.
Moonstone Sleet has been observed employing several tactics such as setting up fake companies, using trojanized versions of legitimate tools, creating malicious games, and delivering custom ransomware. They have also been using applications like LinkedIn and Telegram, as well as developer freelancing platforms or email to distribute their malicious payloads.
The group has been investing significant resources in building fake identities to support its malware delivery tactics, and has targeted individuals and organizations in multiple sectors, including a drone technology company and an aircraft parts manufacturer. Moonstone Sleet’s diverse set of tactics has evolved from those of several other North Korean threat actors over many years of activity to meet North Korean cyber objectives. Its activity includes deploying the FakePenny ransomware against an organization and demanding a 100 bitcoin ransom.
Given the severity and evolving nature of its tactics, Moonstone Sleet poses a significant threat, and it is imperative to take the necessary precautions to mitigate the risk of potential attacks.