Microsoft Threat Intelligence teams recently uncovered a novel collective of hackers known as Moonstone Sleet, also identified as Storm-1789. This group has been engaging in a variety of tactics aimed at maintaining their activity and funding the nuclear ambitions of Kim Un Jong.
Over the past few weeks, Moonstone Sleet has been initiating the formation of new companies, enticing potential targets with bogus job offers, and subsequently extorting money from victims under false pretenses. Additionally, this threat group has been distributing trojanized games, which either deploy malware or ransomware capable of wiping data if ransom demands are not met.
Their primary objectives revolve around gathering intelligence and generating revenue through fraudulent means, all to fulfill the demands of their nation’s leadership. Notably, Moonstone Sleet shares similarities with previous instances of nation-backed malware distribution, including NotPetya, WannaCry, and HolyGhost, albeit with a significant escalation in ransom demands, now ranging from $6 million to $12 million USD in cryptocurrency.
Thus far, their targets have spanned across the IT, education, defense, and software sectors, with potential plans to expand their reach to companies in Western regions in the near future. Microsoft suspects that Moonstone Sleet may be operating in collaboration with intelligence agencies from prominent Asian countries, although specific names have not been disclosed. Consequently, their primary aim appears to be disrupting Western business operations or maximizing financial gains through coercive measures.
