Dark Web Profile: Moonstone Sleet
2024-11-22 • SOCRadar
SOCRadar profiles Moonstone Sleet, also tracked as Storm-1789, as a North Korean state-sponsored actor targeting technology, financial, and cryptocurrency organizations for espionage and revenue generation. The report cites fake job offers, project-collaboration lures, malicious software packages, Cobalt Strike, ransomware, and custom malware as recurring tools. Microsoft-linked activity includes FakePenny ransomware with a $6.6 million Bitcoin demand and trojanized PuTTY delivered through LinkedIn, Telegram, or freelance developer sites, where victims receive a ZIP containing a modified putty.exe together with a credential file; used together, they trigger a multi-stage loader chain. The profile also covers the DeTankWar malicious game and the fake C.C. Waterfall ecosystem used to reach victims and steal browser data or credentials.
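As an added example (not code from the SOCRadar or Microsoft reports), a defender-side triage script for the ZIP lure described above: it flags an archive that pairs a putty.exe with a small credential-style text file and records the executable's SHA-256 so it can be compared against a trusted PuTTY release hash. The credential file name and the keywords it matches are assumptions, and the sample archive is constructed in code.

```python
"""Triage a ZIP for the PuTTY-plus-credential-file lure pattern."""
import hashlib
import io
import re
import zipfile

# Credential-style tokens to look for in small text files. This is an
# assumption: the report does not publish the exact file contents.
CRED_PATTERN = re.compile(r"(?i)\b(host|hostname|ip|user(name)?|pass(word)?)\b\s*[:=]")
MAX_TEXT_BYTES = 4096


def triage_zip(data: bytes) -> dict:
    """Return indicators found in the archive bytes; 'suspicious' is True
    when a putty.exe is bundled with at least one credential-style text file."""
    result = {"putty_exe": None, "putty_sha256": None,
              "credential_files": [], "suspicious": False}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename.rsplit("/", 1)[-1].lower()
            if name == "putty.exe":
                blob = zf.read(info)
                result["putty_exe"] = info.filename
                # Compare this against the hash of a PuTTY release you trust.
                result["putty_sha256"] = hashlib.sha256(blob).hexdigest()
            elif name.endswith(".txt") and info.file_size <= MAX_TEXT_BYTES:
                text = zf.read(info).decode("utf-8", errors="replace")
                if CRED_PATTERN.search(text):
                    result["credential_files"].append(info.filename)
    result["suspicious"] = bool(result["putty_exe"] and result["credential_files"])
    return result


def build_sample_zip() -> bytes:
    """Constructed sample mimicking the lure layout; placeholder bytes, not malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("putty.exe", b"MZ" + b"\x00" * 62)  # not a real PE
        zf.writestr("readme.txt", "Host: 203.0.113.10\nUsername: dev\nPassword: REDACTED\n")
    return buf.getvalue()


def build_benign_zip() -> bytes:
    """Constructed control archive with no lure indicators."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", "Meeting agenda for Monday\n")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_zip(build_sample_zip()))
```

A hit from this script is a triage signal, not a verdict; follow it up by checking the executable's Authenticode signature and hash against the official PuTTY release.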