Moonstone Sleet: A new North Korean threat actor
2024-05-29 12:31

Microsoft has named yet another state-aligned threat actor: Moonstone Sleet, which engages in cyberespionage and ransomware attacks to further the goals of the North Korean regime.

"Moonstone Sleet uses tactics, techniques, and procedures also used by other North Korean threat actors over the last several years, highlighting the overlap among these groups," Microsoft's threat analysts say.

"When Microsoft first detected Moonstone Sleet activity, the actor demonstrated strong overlaps with Diamond Sleet, extensively reusing code from known Diamond Sleet malware like Comebacker and using well-established Diamond Sleet techniques to gain access to organizations, such as using social media to deliver trojanized software. However, Moonstone Sleet quickly shifted to its own bespoke infrastructure and attacks."

Moonstone Sleet emails a link to the DeTankWar game.

"This activity could be consistent with previous reporting from the United States Department of Justice that North Korea was using highly skilled remote IT workers to generate revenue. On the other hand, this Moonstone Sleet activity may also be another approach to gaining access to organizations," the analysts pointed out.

Microsoft has shared recommendations, indicators of compromise and hunting queries organizations can use to mitigate the threat of a Moonstone Sleet attack or to spot evidence of a successful one.


News URL

https://www.helpnetsecurity.com/2024/05/29/moonstone-sleet-north-korean-threat-actor/