Moonstone Sleet Strikes: North Korean Hackers Up Their Ransomware Game

Microsoft has linked the North Korean hacking group Moonstone Sleet to FakePenny ransomware attacks that demand millions in ransom. Moonstone Sleet’s evolving tactics include trojanized software and fake companies, resembling those of other North Korean groups but with unique twists.

Hot Take:

Who knew moonstones could be so dangerous? North Korea’s hackers continue to prove they can turn anything, even semi-precious stones, into a weapon. Someone get them a hobby that doesn’t involve cyber mayhem!

Key Points:

  • Microsoft linked Moonstone Sleet, a North Korean hacking group, to FakePenny ransomware attacks.
  • These attacks have resulted in ransom demands reaching millions of dollars.
  • Moonstone Sleet has adopted novel attack methods and custom infrastructure.
  • The group has targeted various sectors, including IT, education, and defense.
  • Similar to other North Korean groups, they are financially motivated, with a history of cyber espionage.

Moonstone Sleet: The New Cyber Rockstar

So, what’s the latest in the world of cyber espionage? Well, Microsoft has done it again, linking yet another North Korean hacking group to some seriously dodgy activities. This time, it’s Moonstone Sleet, formerly known as Storm-17. Sounds like a Marvel superhero, right? Except, instead of saving the world, they’re ransoming it with their shiny new toy—FakePenny ransomware. These attacks have pushed victims to fork over millions in ransom, making this group the cyber equivalent of a rockstar with a criminal twist.

From Diamond to Moonstone: A Shiny Evolution

When Microsoft first caught wind of Moonstone Sleet, they noticed the group was borrowing heavily from another North Korean group known as Diamond Sleet. Think of it as the cyber version of “borrowing” your older sibling’s tricks to impress your own friends. Initially, Moonstone Sleet leaned on well-worn tactics like trojanized software and malicious games. But soon, they developed their own custom methods and infrastructure, proving they could innovate with the best of them. What’s more, both groups were seen running concurrent operations, like two magicians pulling off separate tricks on the same stage.

Money Talks: The Ransom Demand

Moonstone Sleet isn’t just your run-of-the-mill hacking group; they’ve got some serious financial ambitions. Unlike previous North Korean ransomware attacks where victims were asked to cough up $100,000, these guys upped the ante to a whopping $6.6 million in Bitcoin. That’s like asking for a Ferrari instead of a Honda Civic! Microsoft’s assessment shows that the primary motivation here is cold hard cash, although their history in cyber espionage suggests they wouldn’t mind collecting a bit of juicy intel on the side.

Target Practice: Who’s in the Crosshairs?

Moonstone Sleet isn’t picky when it comes to choosing targets. They’ve set their sights on multiple industries, including software and IT, education, and even the defense industrial base. It’s like they’re playing a twisted game of cyber darts, aiming for anyone who might have something valuable to offer. And they’re not the first North Korean group to pull such stunts. Remember the Lazarus Group and the WannaCry outbreak? Or the Holy Ghost and Maui ransomware targeting healthcare orgs? It seems like North Korea has turned ransomware into a national sport.

The Evolution of Cyber Tactics

What makes Moonstone Sleet particularly noteworthy is their ability to evolve. Microsoft points out that their tactics are effective precisely because they’ve been honed over years of cyber activity. By borrowing and adapting techniques from other North Korean groups, they’ve built a diverse set of tools that make them a formidable threat. And adding ransomware to their arsenal? That’s just the cherry on top, enabling them to carry out even more disruptive operations.
