A brand-new cybercrime group that Microsoft ties to North Korea is tricking targets using fake job opportunities to launch malware and ransomware, all for financial gain.
Microsoft tracks this group as “Moonstone Sleet” and says it has been active since at least August 2023 – the earliest date its activity was spotted – and has been deploying trojanized versions of PuTTY and SumatraPDF via LinkedIn, Telegram, and various freelancing platforms.
These apps are designed to load additional payloads and provide access to launch follow-on attacks against specific targets.
