In a recent revelation by Microsoft Threat Intelligence, a new North Korean threat actor, “Moonstone Sleet,” has been observed utilizing sophisticated social-engineering tactics. This group not only recycles traditional methods but also innovates its strategies for more impactful espionage and revenue generation.
Moonstone Sleet’s operations are not just limited to a few isolated incidents. They include creating a multitude of fake companies to engage potential targets. For instance, from January to April, a sham company named “StarGlow Ventures” posed as a legitimate software developer, using a custom domain, fake employee personas, and social media accounts. They targeted thousands in the education and software development sectors through an extensive email campaign, underlining the scale of their operations.
Furthermore, Moonstone Sleet has been infiltrating organizations by having their operatives pursue legitimate remote IT jobs. These skilled North Korean workers apply for roles at real companies, aiming to deploy malware once hired. Microsoft notes that these workers might be part of a revenue-generation scheme or another layer of espionage.
A particularly insidious tactic employed by Moonstone Sleet involves tricking developers into downloading malware disguised as skills tests or legitimate tools. The potential repercussions of such actions are severe. For example, a developer may unwittingly install malicious software, leading to significant data breaches or system compromises.
Having tracked the group’s activity and its impact, specialists urge continued vigilance. Adam Neel from Critical Start and Steve Boone from Checkmarx stress comprehensive background checks and fostering a culture of security awareness as essential defenses. As Adam Gavish from DoControl points out, Moonstone Sleet’s use of trusted platforms like LinkedIn and Telegram underscores the importance of maintaining robust internal security protocols.