Microsoft: North Korean hackers join Qilin ransomware gang

Microsoft says a North Korean hacking group tracked as Moonstone Sleet has deployed Qilin ransomware payloads in a limited number of recent attacks. "Since late February 2025, Microsoft has observed Moonstone Sleet, a North Korean state actor, deploying Qilin ransomware at a limited number of orgs," the company's threat intelligence experts said this week "Moonstone Sleet has previously exclusively deployed their own custom ransomware in their attacks, and this represents the first instance they are deploying ransomware developed by a RaaS operator." Previously tracked as Storm-1789, this threat group's activity initially overlapped with other North Korean attackers like Diamond Sleet and Onyx Sleet. However, it has since switched to its own tactics and custom tooling and attack infrastructure. Microsoft says Moonstone Sleet hackers are targeting both financial and cyberespionage targets using trojanized software (e.g., PuTTY), custom malware loaders, malicious games and npm packag ... Read full article.