lazarusholic

Everyday is lazarus.dayβ

MoonstoneSleet

2024-05-28, Microsoft
Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks
"Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet (formerly Storm-1789), which combines tried-and-true techniques used by other North Korean threat actors with unique attack methodologies to target companies for financial and cyberespionage objectives. Moonstone Sleet sets up fake companies and job opportunities to engage with potential targets, employs trojanized versions of legitimate tools, creates fully functional malicious games, and delivers custom ransomware."

- CyberMaterial, https://cybermaterial.com/moonstone-sleet-storm-1789-threat-actor/

Also known as

 
Name Named by AKA First seen Last seen
APT-C-26 Qihoo360 Lazarus 2018-08-15 2026-06-03
APT-Q-1 Qianxin Lazarus 2023-03-14 2025-08-28
Appleworm Symantec Lazarus 2017-04-01 2021-02-18
BABYLONGROUP ChollimaGroup MoonstoneSleet 2025-08-25 2025-09-04
BlackArtemis PWC Lazarus 2020-03-03 2023-04-12
Bureau121 - Lazarus - 2020-11-23
CitrineSleet Microsoft Lazarus 2023-10-06 2025-03-27
DEV-0139 Microsoft Lazarus 2022-12-06 2022-12-06
G0032 MITRE Lazarus 2017-05-31 2017-05-31
G1036 MITRE MoonstoneSleet 2024-08-26 2024-08-26
GodsApostles SelfGiven Lazarus 2014-11-24 -
GodsDisciples SelfGiven Lazarus 2014-11-24 -
Greedyman KRCERT Lazarus 2020-02-29 -
Group77 CiscoTalos Lazarus 2016-02-24 2019-09-13
GuardiansofPeace SelfGiven Lazarus 2014-11-24 2014-12-05
Hastati SecureWorks Lazarus - 2013-03-21
HiddenCobra USCISA Lazarus 2017-06-13 2021-03-25
ITG03 IBM Lazarus - -
LabyrinthChollima CrowdStrike Lazarus 2018-02-26 2026-02-06
Lazarus Novetta - 2016-02-24 2026-06-03
MoonstoneSleet Microsoft Lazarus 2024-05-28 2025-11-24
NickelAcademy SecureWorks Lazarus - 2024-10-08
Office91 - Lazarus - 2019-09-13
REF7001 Elastic Lazarus 2023-11-01 2024-10-03
REF9134 Elastic Lazarus 2023-06-21 2023-06-21
RGB-D3 IssuemakersLab Lazarus 2020-05-20 2020-09-08
SectorA01 NSHC Lazarus 2019-01-23 2025-11-25
SelectivePisces PaloaltoNetworks Lazarus 2022-09-26 2024-09-09
Storm-1789 Microsoft MoonstoneSleet 2024-05-28 2024-05-28
StressedPungsan Datadog MoonstoneSleet 2024-07-31 2024-08-01
TA404 Proofpoint Lazarus 2022-07-14 2022-07-14
UAT-10027 CiscoTalos Lazarus 2026-02-26 2026-02-26
Unit121 - Lazarus - 2020-11-23
VoidImugi TrendMicro Lazarus 2024-06-10 2025-03-18
WASSONITE Dragos Lazarus 2020-05-30 2023-02-14
WHOisTeam Mcafee Lazarus 2013-03-20 2014-12-23
Zinc Microsoft Lazarus 2017-12-19 2022-11-22

Reports

2025-11-24
Bitdefender
The Korean Leaks – Analyzing the Hybrid Geopolitical Campaign Targeting South Korean Financial Services With Qilin RaaS
#MoonstoneSleet #Ransomware
2025-11-18
ChollimaGroup
Reframing Insights
#ITWorker #MoonstoneSleet
2025-08-25
ChollimaGroup
Dubai, Crypto, Moonstone Sleet, and the Pivot Odyssey
#BABYLONGROUP #MoonstoneSleet #DeFiTankLand
2025-05-14
DtexSystems
Exposing DPRK’s Cyber Underworld
#ITWorker #APT37 #APT43 #APT45 #AppleJeus #CryptoCore #GwisinGang #Konni #MoonstoneSleet #RubySleet #TEMP.Hermit #TraderTraitor #Whitepaper
2025-03-06
Microsoft
Moonstone Sleet deploying Qilin ransomware at a limited number of orgs
#MoonstoneSleet #Qilin #Ransomware
2025-02-16
BlueEye
Analysis of attack activities of Moonstone sleet a division of APT-C-26 (Lazarus) group
#MoonstoneSleet #PuTTY
2024-12-13
PolySwarm
2024 Recap - North Korean Threat Actor Activity
#MoonstoneSleet #FamousChollima #LabyrinthChollima #RicochetChollima #SilentChollima #StardustChollima #VelvetChollima
2024-11-22
SOCRadar
Dark Web Profile: Moonstone Sleet
#MoonstoneSleet
2024-11-11
Microsoft
A Threat Intelligence Year in Review
#MoonstoneSleet #Trend #Youtube
2024-10-15
Microsoft
Microsoft Digital Defense Report 2024
#CitrineSleet #JadeSleet #MoonstoneSleet #SapphireSleet #Trend
2024-10-03
Kaspersky
APT and financial attacks on industrial organizations in Q2 2024
#Andariel #Kimsuky #LilacSquid #MoonstoneSleet #SmallTiger #Trend #Xctdoor
2024-09-16
PyongyangPapers
Moonstone Sleet & Sin Chong Min
#MoonstoneSleet
2024-08-29
Phylum
North Korea Still Attacking Developers via npm
#ContagiousInterview #MoonstoneSleet #NPM
2024-08-26
MITRE
Moonstone Sleet
#G1036 #MoonstoneSleet
2024-07-19
Cyfirma
APT Quarterly Highlights : Q2 2024
#Trend #Andariel #Kimsuky #MoonstoneSleet #Lazarus
2024-06-13
Checkmarx
A New North Korean Group Emerges, Disrupting the Open Source Ecosystem
#JadeSleet #NPM #MoonstoneSleet
2024-05-28
Microsoft
Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks
#NPM #ITWorker #MoonstoneSleet #FakePenny #Storm-1789 #PuTTY #Storm-1877 #DeTankWar #DeFiTankLand