Security News > 2024 > May > Microsoft links North Korean hackers to new FakePenny ransomware

Microsoft has linked a North Korean hacking group it tracks as Moonstone Sleet to FakePenny ransomware attacks, which have led to millions of dollars in ransom demands.

Unlike previous ransomware attacks coordinated by North Korean state hackers, in which victims were asked to pay $100,000, the ransom demanded by the Moonstone Sleet attackers was $6.6 million in BTC. Microsoft's assessment of this attack concluded that Moonstone Sleet's primary motivation for deploying the ransomware was financial gain.

Moonstone Sleet is not the first North Korean hacking group to be linked to ransomware attacks in recent years.

Years later, in July 2022, Microsoft and the FBI also linked North Korean hackers to the Holy Ghost ransomware operation and Maui ransomware attacks against healthcare orgs, respectively.

"Moonstone Sleet's diverse set of tactics is notable not only because of their effectiveness, but because of how they have evolved from those of several other North Korean threat actors over many years of activity to meet North Korean cyber objectives," Microsoft added.

"Additionally, Moonstone Sleet's addition of ransomware to its playbook, like another North Korean threat actor, Onyx Sleet, may suggest it is expanding its set of capabilities to enable disruptive operations."

News URL

https://www.bleepingcomputer.com/news/microsoft/microsoft-links-moonstone-sleet-north-korean-hackers-to-new-fakepenny-ransomware/