Moonstone Sleet: Fake jobs, shell companies and penetration into the defense sector

Posted by Tomcat
What else could a new hacker group from North Korea surprise cyber experts with?

A relatively new North Korean cyber group known as Moonstone Sleet was recently identified as being responsible for attacks on the software, information technology, education, and defense industries using ransomware and other types of malware.

According to a new analysis by Microsoft's threat detection team, Moonstone Sleet creates fake companies and jobs to deceive its victims. The group uses trojanized versions of legitimate tools, develops malicious games, and actively deploys ransomware.

Moonstone Sleet attacks use both traditional methods used by other North Korean hackers and completely unique techniques.

Initially tracked under the code name Storm-1789, the group showed some tactical similarities to the Lazarus Group, but later split off into a separate group with its own infrastructure and methods.

Moonstone Sleet actively reuses the code of already known malware, such as Comebacker, which was first noticed in January 2021. The group also often uses the PuTTY program, various freelance platforms, and the LinkedIn social network in its attacks.

To achieve their goals, Moonstone Sleet hackers use a number of different strategies based on social engineering techniques:
  • they get jobs at large companies as software developers, gaining access to the internal infrastructure of these companies;
  • they create fake companies themselves, conduct fake interviews with developers, and hold online meetings with investors;
  • they enter into partnership contracts, gaining access to the networks of companies in the critical infrastructure sector.

For example, in April of this year, Moonstone Sleet hackers managed to introduce a new variant of the FakePenny ransomware into an unnamed defense technology company.

Microsoft experts emphasize the need to take security measures to protect against Moonstone Sleet attacks and warn about possible attacks on supply chains. Meanwhile, North Korean hackers continue to adapt their methods to achieve their cyber goals.