Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks
...of software supply chain attacks to conduct widespread malicious operations. In November 2023, Microsoft reported on Diamond Sleet’s supply chain compromise of CyberLink, a multimedia application...While Microsoft has not yet identified any Moonstone Sleet supply chain attacks, the actor has extensively targeted software development firms in its campaigns. Large-scale access to software companies would pose a particularly high risk for future supply chain attacks against those organizations... Figure 2. Moonstone Sleet attack chain using trojanized PuTTY Microsoft has also observed Moonstone Sleet using other...