Shadows in the digital domain have grown longer. North Korean state-sponsored hacking group Moonstone Sleet, previously tracked as Storm-1789, has taken a concerning turn in its cyber operations: it is now deploying Qilin ransomware. First observed in February 2025, this marks a significant shift in the group’s strategy. Pretty alarming stuff.
Moonstone Sleet isn’t playing games. Well, actually, they are – trojanized ones. The group tricks victims through social media apps like Telegram and LinkedIn, convincing them to download malicious software. They’ve even set up fake software development companies like C.C. Waterfall and StarGlow Ventures. Classic North Korean deception tactics.
The digital wolf wears sheep’s clothing—fake companies, social media traps, and trojanized games form Moonstone Sleet’s predatory arsenal.
Qilin isn’t new to the ransomware scene. Active since August 2022 (initially called “Agenda”), this Ransomware-as-a-Service operation has claimed over 310 victims on its dark web leak site. Recent trends show ransom demands have dramatically escalated from a modest $25,000 to millions of dollars. They’ve hit big names – automotive giant Yanfeng, American newspaper publisher Lee Enterprises, and even caused outages in major NHS hospitals in London. Not exactly small potatoes.
What’s remarkable is Moonstone Sleet’s progression. They previously relied exclusively on custom ransomware. Now they’re collaborating with third-party RaaS providers. It’s like watching a villain’s origin story unfold in real-time. Terrifying.
This development aligns with broader North Korean cyber activities. Similar groups like Diamond Sleet and Onyx Sleet have used ransomware for financial gain. Remember WannaCry in 2017? Same playbook, new chapter.
The cybersecurity implications are clear. North Korean cyber threats are growing more sophisticated. Organizations need robust defenses. Patches. Updates. Vigilance against social engineering. Small businesses are particularly vulnerable, with 60% shutting down within six months after experiencing a cyber attack.
State-sponsored cyber attacks aren’t going away. They’re adapting. Advancing. Getting smarter. And Moonstone Sleet’s deployment of Qilin ransomware represents just the latest progression in this dangerous environment. Regular data backups are essential for businesses to maintain continuity if they fall victim to these increasingly sophisticated attacks. The digital shadows keep growing. No one is immune.