Ransomware, Threat Intelligence

Novel FakePenny ransomware deployed by North Korean hacking group


North Korean threat operation Moonstone Sleet, formerly tracked as Storm-1789, has conducted attacks with the new FakePenny ransomware variant, with one of the incidents involving a ransom demand of $6.6 million worth of Bitcoin, BleepingComputer reports.

While initial Moonstone Sleet intrusions against organizations and individuals across various sectors, including the defense industrial base, education, and IT industries, showed significant similarities with fellow North Korean advanced persistent threat operation Diamond Sleet, the threat group eventually used its own attack infrastructure to conduct malicious operations concurrently with Diamond Sleet, a report from Microsoft revealed.

"Moonstone Sleet's diverse set of tactics is notable not only because of their effectiveness, but because of how they have evolved from those of several other North Korean threat actors over many years of activity to meet North Korean cyber objectives," said Microsoft, which also noted that the group's inclusion of ransomware suggests expanded capabilities.
