Moonstone Sleet deploying Qilin ransomware at a limited number of orgs
2025-03-06 • Microsoft
Moonstone Sleet is known for combining many techniques successfully used by other North Korean threat actors as well as unique attack methodologies to target organizations for their financial and cyberespionage objectives. Since late February 2025, Microsoft has observed Moonstone Sleet, a North Korean state actor, deploying Qilin ransomware at a limited number of orgs.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| URL | https://msft.it/6019qHZqx | 2025-03-06 | 2025-03-06 |
| DOMAIN | msft.it | 2025-03-06 | 2025-03-06 |