Security News > 2024 > May > Microsoft links North Korean hackers to new FakePenny ransomware
Microsoft has linked a North Korean hacking group it tracks as Moonstone Sleet to FakePenny ransomware attacks, which have led to millions of dollars in ransom demands.
Unlike previous ransomware attacks coordinated by North Korean state hackers, in which victims were asked to pay $100,000, the ransom demanded by the Moonstone Sleet attackers was $6.6 million in BTC. Microsoft's assessment of this attack concluded that Moonstone Sleet's primary motivation for deploying the ransomware was financial gain.
Moonstone Sleet is not the first North Korean hacking group to be linked to ransomware attacks in recent years.
Years later, in July 2022, Microsoft and the FBI also linked North Korean hackers to the Holy Ghost ransomware operation and Maui ransomware attacks against healthcare orgs, respectively.
"Moonstone Sleet's diverse set of tactics is notable not only because of their effectiveness, but because of how they have evolved from those of several other North Korean threat actors over many years of activity to meet North Korean cyber objectives," Microsoft added.
"Additionally, Moonstone Sleet's addition of ransomware to its playbook, like another North Korean threat actor, Onyx Sleet, may suggest it is expanding its set of capabilities to enable disruptive operations."
News URL
Related news
- Microsoft Uncovers 'Moonstone Sleet' — New North Korean Hacker Group (source)
- REvil hacker behind Kaseya ransomware attack gets 13 years in prison (source)
- Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications (source)
- NSA warns of North Korean hackers exploiting weak DMARC email policies (source)
- Russian Hacker Dmitry Khoroshev Unmasked as LockBit Ransomware Administrator (source)
- North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms (source)
- Cybercriminals Exploiting Microsoft’s Quick Assist Feature in Ransomware Attacks (source)
- North Korean Hackers Exploit Facebook Messenger in Targeted Malware Campaign (source)
- Crims abusing Microsoft Quick Assist to deploy Black Basta ransomware (source)
- Here's yet more ransomware using BitLocker against Microsoft's own users (source)