lazarusholic

Everyday is lazarus.dayβ

MoonstoneSleet

2024-05-28, Microsoft
Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks
"Microsoft has identified a new North Korean threat actor, now tracked as Moonstone Sleet (formerly Storm-1789), which combines tried-and-true techniques used by other North Korean threat actors with unique attack methodologies to target companies for financial and cyberespionage objectives. Moonstone Sleet sets up fake companies and job opportunities to engage with potential targets, employs trojanized versions of legitimate tools, creates fully functional malicious games, and delivers custom ransomware."

- CyberMaterial, https://cybermaterial.com/moonstone-sleet-storm-1789-threat-actor/

Also known as

 
Name Named by AKA First seen Last seen
DiamondSleet Microsoft Zinc 2023-04-19 2024-02-27
MoonstoneSleet Microsoft DiamondSleet 2024-05-28 2025-03-06
Storm-1789 Microsoft MoonstoneSleet 2024-05-28 2024-05-28
StressedPungsan Datadog MoonstoneSleet 2024-07-31 2024-08-01

Reports

2025-03-06
Microsoft
Moonstone Sleet deploying Qilin ransomware at a limited number of orgs
#MoonstoneSleet #Qilin #Ransomware
2025-02-16
BlueEye
Analysis of attack activities of Moonstone sleet a division of APT-C-26 (Lazarus) group
#MoonstoneSleet #PuTTY
2024-12-13
PolySwarm
2024 Recap - North Korean Threat Actor Activity
#MoonstoneSleet #FamousChollima #LabyrinthChollima #RicochetChollima #SilentChollima #StardustChollima #VelvetChollima
2024-11-22
SOCRadar
Dark Web Profile: Moonstone Sleet
#MoonstoneSleet
2024-11-11
Microsoft
A Threat Intelligence Year in Review
#MoonstoneSleet #Trend #Youtube
2024-10-15
Microsoft
Microsoft Digital Defense Report 2024
#CitrineSleet #JadeSleet #MoonstoneSleet #SapphireSleet #Trend
2024-10-03
Kaspersky
APT and financial attacks on industrial organizations in Q2 2024
#Andariel #Kimsuky #LilacSquid #MoonstoneSleet #SmallTiger #Trend #Xctdoor
2024-09-16
PyongyangPapers
Moonstone Sleet & Sin Chong Min
#MoonstoneSleet
2024-08-29
Phylum
North Korea Still Attacking Developers via npm
#ContagiousInterview #MoonstoneSleet #NPM
2024-07-19
Cyfirma
APT Quarterly Highlights : Q2 2024
#Trend #Andariel #Kimsuky #MoonstoneSleet #Lazarus
2024-06-13
Checkmarx
A New North Korean Group Emerges, Disrupting the Open Source Ecosystem
#JadeSleet #NPM #MoonstoneSleet
2024-05-28
Microsoft
Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks
#NPM #ITWorker #MoonstoneSleet #FakePenny #Storm-1789 #PuTTY #Storm-1877 #DeTankWar #DeFiTankLand