Ransomware, Threat Intelligence

Novel FakePenny ransomware deployed by North Korean hacking group

North Korean threat operation Moonstone Sleet, formerly tracked as Storm-1789, has conducted attacks with the new FakePenny ransomware variant, with one of the incidents involving a demand of $6.6 million worth of Bitcoin, BleepingComputer reports.

While initial Moonstone Sleet intrusions against organizations and individuals across various sectors, including the defense industrial base, education, and IT industries, involved significant similarities with fellow North Korean advanced persistent threat operation Diamond Sleet, the threat group eventually leveraged its own attack infrastructure to conduct malicious operations concurrent with Diamond Sleet, a report from Microsoft revealed.

"Moonstone Sleet's diverse set of tactics is notable not only because of their effectiveness, but because of how they have evolved from those of several other North Korean threat actors over many years of activity to meet North Korean cyber objectives," said Microsoft, which also noted that the group's inclusion of ransomware suggests expanded capabilities.
