Moonstone Sleet's Shift to Ransomware-as-a-Service: A New Era in Cyber Threats

Moonstone Sleet shifts to RaaS, marking a new era in cyber threats with financial motives driving North Korean hacking strategies.

The DefendOps Diaries
"Moonstone Sleet deploying Qilin ransomware at a limited number of orgs" published by Microsoft. #MoonstoneSleet, #Qilin, #Ransomware, #DPRK, #CTI https://archive.is/OeXNz
"Analysis of attack activities of Moonstone sleet a division of APT-C-26 (Lazarus) group" published by BlueEye. #MoonstoneSleet, #PuTTY, #DPRK, #CTI https://blu3eye.gitbook.io/malware-insight/moonstone-sleet-trojaned-putty

"2024 Recap - North Korean Threat Actor Activity" published by PolySwarm. #Chollima, #MoonstoneSleet, #DPRK, #CTI https://blog.polyswarm.io/2024-recap-north-korean-threat-actor-activity

This report provides highlights of activity perpetrated by North Korea nexus threat actors in 2024.

"Dark Web Profile: Moonstone Sleet" published by SOCRadar. #MoonstoneSleet, #DPRK, #CTI https://socradar.io/dark-web-profile-moonstone-sleet/
"A Threat Intelligence Year in Review" published by Microsoft. #MoonstoneSleet, #Trend, #Youtube, #DPRK, #CTI https://www.youtube.com/watch?v=U7p0J8aMZhM
BlueHat 2024: S17: MSTIC - A Threat Intelligence Year in Review

Microsoft Digital Defense Report 2024

The 2024 Microsoft Digital Defense Report (MDDR) addresses cyber threats and AI, offering insights and guidance to help enhance security and stay ahead of risks.

APT and financial attacks on industrial organizations in Q2 2024 | Kaspersky ICS CERT

This summary provides an overview of the reports of APT and financial attacks on industrial enterprises that were disclosed in Q2 2024, as well as the related activities of groups that have been observed attacking industrial organizations and critical infrastructure facilities.

Kaspersky ICS CERT | Kaspersky Industrial Control Systems Cyber Emergency Response Team
"North Korea Still Attacking Developers via npm" published by Phylum. #ContagiousInterview, #MoonstoneSleet, #NPM, #DPRK, #CTI https://blog.phylum.io/north-korea-still-attacking-developers-via-npm/

There's a renewed surge of attacks with obfuscated JavaScript and fake job campaigns to compromise developers and infiltrate companies. See Phylum research.

Phylum Research | Software Supply Chain Security
Stressed Pungsan: DPRK-aligned threat actor leverages npm for initial access | Datadog Security Labs

In this post, we analyze a set of malicious NPM packages linked to the Democratic People’s Republic of Korea.