Ransomware, Threat Intelligence

Qilin ransomware leveraged by North Korea’s Moonstone Sleet in new attacks


North Korean state-sponsored hacking collective Moonstone Sleet, formerly tracked as Storm-1789, has recently launched intrusions involving the Qilin ransomware against a few organizations, marking its first use of a payload developed by a ransomware-as-a-service operator, reports BleepingComputer.

Moonstone Sleet has traditionally relied on trojanized software, custom malware loaders, and the spoofing of software development firms to compromise organizations in its cyberespionage and financially motivated attacks, said Microsoft's Threat Intelligence Team in a post on X.

Moonstone Sleet was previously reported by Microsoft to have been behind a FakePenny ransomware attack that led to a $6.6 million ransom demand.

Qilin ransomware, meanwhile, emerged as Agenda in August 2022 and was recently observed to have escalated its ransom demands, which ranged between $25,000 and millions of dollars.

More than 310 organizations have already been targeted by Qilin, including pathology services provider Synnovis, automotive firm Yanfeng, U.S. newspaper publisher Lee Enterprises, and Australia's Court Services Victoria.
