Moonstone Sleet
Moonstone Sleet is a North Korean-linked threat actor executing both financially motivated attacks and espionage operations. The group previously overlapped significantly with another North Korean-linked entity, Lazarus Group, but has differentiated its tradecraft since 2023. Moonstone Sleet is notable for creating fake companies and personas to interact with victim entities, as well as developing unique malware such as a variant delivered via a fully functioning game.
Attribution signal
?Score = mentions × confidence weight, summed across all attributed sources. Higher source diversity increases the score.≥ 10 High≥ 3 Moderate< 3 Low1.4
Low signal strength
Mentions2
Sources1
High conf.1
Last seenMay 2026
First observed
2024-08-26
Last active
—
Origin
North Korea
Aliases
4
Techniques
30
Campaigns
0
North Korea
Attribution signals
2 mentions · 1 source#1akahigh
Unspecified
groupib
May 2026
"Group-IB Threat Intelligence Portal: JASPER SLEET (aka DPRK IT Workers)"
#2moderate
TTP match
eset
May 2026
Campaign: WageMole
Hedge terms observed
aka