Dubai, Crypto, Moonstone Sleet, and the Pivot Odyssey
# Introduction.
Around this time last year, Microsoft and Kaspersky released two reports on a campaign carried out by a previously unknown North Korean APT group dubbed 'Moonstone Sleet'. This campaign was especially notable for its use of a fake crypto game project called DeTankZone and the two chained Chromium zero-days hosted on its website.
After Kaspersky's later report on DeTankZone, we here at Chollima Group began looking into the "legitimate" project it mentioned, called DefiTankLand. To our surprise, we identified a group of DPRK IT Workers that we clustered as BABYLONGROUP.
As we continued pivoting deeper into this cluster, we identified that many members had previously worked on a huge cryptocurrency project on behalf of a shady company called ICICB (which we believe to be a front), that one of the non-DPRK members of the cluster runs the Chinese cybercrime market FreeCity, and that there is an interesting connection between DeTankZone and an older IT Worker who …
IoC