Researchers at Microsoft have identified a North Korean threat group carrying out espionage and financial cyberattacks concurrently, using a grab bag of different attack techniques against aerospace, education, and software organizations and developers.
In the beginning, Microsoft explained in a blog post, Moonstone Sleet heavily overlapped with the known DPRK advanced persistent threat (APT) Diamond Sleet. The former copped from the latter’s malware — like the Comebacker Trojan — as well as its infrastructure and preferred techniques — such as delivering Trojanized software via social media. Moonstone Sleet has since differentiated itself, though, moving to its own infrastructure and establishing for itself a unique, if rather erratic identity.