Moonstone Sleet - Threat Group Cards: A Threat Actor Encyclopedia Archived: 2026-04-02 12:16:13 UTC Home > List all groups > Moonstone Sleet APT group: Moonstone Sleet Names Moonstone Sleet (Microsoft) Storm-1789 (Microsoft) Stressed Pungsan (Datadog Security Research) Country North Korea Motivation Information theft and espionage, Financial gain First seen 2023 Description (Microsoft) Moonstone Sleet is a threat actor behind a cluster of malicious activity that Microsoft assesses is North Korean state-aligned and uses both a combination of many tried-and-true techniques used by other North Korean threat actors and unique attack methodologies. When Microsoft first detected Moonstone Sleet activity, the actor demonstrated strong overlaps with Diamond Sleet (Lazarus Group, Hidden Cobra, Labyrinth Chollima), extensively reusing code from known Diamond Sleet malware like Comebacker and using well-established Diamond Sleet techniques to gain access to organizations, such as using social media to deliver trojanized software. However, Moonstone Sleet quickly shifted to its own bespoke infrastructure and attacks. Subsequently, Microsoft has observed Moonstone Sleet and Diamond Sleet conducting concurrent operations, with Diamond Sleet still utilizing much of its known, established tradecraft. Moonstone Sleet has an expansive set of operations supporting its financial and cyberespionage objectives. These range from deploying custom ransomware to creating a malicious game, setting up fake companies, and using IT workers. Observed Tools used Operations performed Jul 2024 Stressed Pungsan: DPRK-aligned threat actor leverages npm for initial access https://apt.etda.or.th/cgi-bin/showcard.cgi?u=30664418-5b20-40ce-8554-d1fb27cd21e7 Page 1 of 2 Aug 2024 North Korea Still Attacking Developers via npm Feb 2025 Microsoft: North Korean hackers join Qilin ransomware gang Information Last change to this card: 21 April 2025 Download this actor card in PDF or JSON format Source: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=30664418-5b20-40ce-8554-d1fb27cd21e7 https://apt.etda.or.th/cgi-bin/showcard.cgi?u=30664418-5b20-40ce-8554-d1fb27cd21e7 Page 2 of 2