CyberSecurity news

Sergiu Gatlan@BleepingComputer //
Microsoft has identified a North Korean hacking group known as Moonstone Sleet, previously tracked as Storm-1789, deploying Qilin ransomware in limited attacks. This represents a shift for the group, which has historically used custom-built ransomware. The adoption of Qilin ransomware signifies a move towards Ransomware-as-a-Service (RaaS), in which the group uses ransomware developed by external operators rather than relying solely on its own tools.

Moonstone Sleet's move to RaaS marks a new era in cyber threats: it is primarily driven by financial motivations, a departure from previous espionage-focused operations. The group has been observed demanding ransoms as high as $6.6 million in Bitcoin. It has also been known to use creative tactics, including fake companies, trojanized software, and even a malicious game to infiltrate targets, showcasing its adaptability and resourcefulness.