Microsoft Warns of New North Korean Threat Actor, Moonstone Sleet

Moonstone Sleet's sophisticated tactics include trojanized tools and a new ransomware. Microsoft warns of the evolving North Korean threat.

Microsoft has identified a new North Korean threat actor, dubbed Moonstone Sleet, which has been active since at least August 2023. The group is known for its sophisticated tactics, including the use of trojanized legitimate tools and a new custom ransomware variant called FakePenny.

Moonstone Sleet has been linked to the creation of fake companies and job opportunities to engage with potential targets. However, investigations into two companies, StarGlow Ventures and C.C. Waterfall, have not found concrete evidence of their connection to the group. The group delivers trojanized versions of legitimate tools, such as PuTTY, to infect targets. They have also developed a malicious mobile tank-themed game for malware distribution. Notably, the ransom note used by their FakePenny ransomware overlaps with that of the NotPetya malware used by Seashell Blizzard. Moonstone Sleet uses a combination of old and new techniques to compromise targets' systems, and they have shifted to their own infrastructure and attacks, distinct from Diamond Sleet.

Moonstone Sleet's activities, including the use of FakePenny ransomware, which demands significantly higher ransoms than other North Korean ransomware, highlight the evolving threat landscape. Despite investigations, the connection between Moonstone Sleet and companies like StarGlow Ventures and C.C. Waterfall remains unconfirmed. Further research and intelligence sharing are crucial to counter this emerging threat.
