Moonstone Sleet: Korean star with dangerous software.

TLDR:

North Korean threat actors, such as Moonstone Sleet, are distributing malicious packages through the NPM registry to compromise supply chains. A new threat actor, Moonstone Sleet, has emerged with similar tactics. Microsoft has highlighted the emergence of Moonstone Sleet and their TTPs.

New Moonstone Sleet North Korean Actor Deploying Malicious Open Source Packages

In December 2023, North Korean threat actors, particularly Jade Sleet, were reported to be compromising supply chains through the open-source ecosystem by distributing malicious packages through the public npm registry. Moonstone Sleet, a new threat actor, has emerged with similar tactics, posing ongoing threats to the open-source software supply chain.

Key Findings:

Continued publication of malicious packages on NPM
Moonstone Sleet targeting open-source software with similar tactics to other North Korean groups
Microsoft highlighting the emergence of Moonstone Sleet and their TTPs

Malicious NPM Packages:

Moonstone Sleet distributes malware through malicious NPM packages on the public NPM registry, increasing the exposure of developers to potential compromise. The packages attributed to Jade Sleet and Moonstone Sleet exhibit distinct differences in code style and structure, reflecting varying strategies used by different threat groups.

Recent Developments:

Microsoft has identified Moonstone Sleet as a rising North Korean threat actor utilizing tactics resembling other state-sponsored actors. Moonstone Sleet has been spreading malicious packages through freelancing websites, LinkedIn, and the public npm registry, elevating the threat to a wider audience and showcasing evolving tactics.

Changes in Attack Flow:

In the second quarter of 2024, the complexity of malicious packages increased, with attackers adding obfuscation and targeting Linux systems as well. The ongoing publication of malicious packages underscores the persistent nature of North Korean threat actors’ campaign, emphasizing the importance of collaboration in the security community to identify and thwart these attacks.

Post Views: 72

Latest from Blog

SDCOE praised for leadership, support, and innovation in cybersecurity

TLDR: San Diego County Grand Jury commends SDCOE for leadership in cybersecurity in K-12 education SDCOE provides resources, guidance, and cybersecurity solutions to county school districts A recent report by the San

EU’s tough cyber rules threaten massive fines and business suspensions

TLDR: The EU’s NIS 2 becomes enforceable on Oct. 17, imposing tougher cyber regulations on companies. Companies could face hefty fines or service suspensions for violations under the new law. Companies in

Financial sector prime target for DDoS attacks, Akamai study finds

TLDR: – Financial services sector remains the top target for DDoS attacks for the second consecutive year – APJ region faces significant cybersecurity challenges with a high threat score for phishing A

Watch out for serverless architecture’s cybersecurity risks for businesses

Serverless Architecture and Cybersecurity Risks TLDR: Move towards serverless architecture presents new security challenges Threat actors are exploring vulnerabilities in serverless environments Today’s cybersecurity landscape is rapidly evolving with the adoption of