North Korean hackers turn to Russia-linked ransomware for new extortion campaign



News North Korean hackers turn to Russia-linked ransomware for new extortion campaign Use of third-party tool from Qilin group is a first for DPRK cybercriminals, who usually employ own ransomware Shreyas Reddy March 11, 2025 SHARE COPY LINK FACEBOOK X LINKEDIN MASTODON An illustration of an attacker-controlled computer \| Image: NK Pro North Korean cybercriminals have started deploying malware developed by a Russia-linked group in their recent extortion campaigns, seemingly marking the first time they have turned to an operator that supplies such tools to third parties. Microsoft Threat Intelligence reported on social media on Friday that it has observed the North Korean group Moonstone Sleet using the Qilin malware, developed by a Russian-speaking group of the same name, since February. “Moonstone Sleet has previously exclusively deployed their own custom ransomware in their attacks, and this represents the first instance they are deploying ransomware developed by a Read More © Korea Risk Group. All rights reserved. No part of this content may be reproduced, distributed, or used for commercial purposes without prior written permission from Korea Risk Group. LATEST ANALYSIS 01A decade in making, North Korea’s first nuclear-powered submarine breaks cover 02What to know about the North Korean towns chosen for 2025 development push 03After $1.5B Bybit heist, North Korean hackers race to cash out the spoils 04North Korea resumes huge China border bridge project in sign of trade boost plan 05What North and South Korea saw in the explosive Trump-Zelensky spat 06How the Trump administration’s cyber agenda could embolden North Korean hackers 07Exclusive: North Korea testing larger new recon drone, pushing deployment plan 08DPRK arms shipments to Russia slow in early 2025 but Feb. sees renewed activity 09Satellite images show demolition at North Korea’s military parade training base 10North Korean ICBM factory upgrade project slows, satellite imagery shows

News

North Korean hackers turn to Russia-linked ransomware for new extortion campaign

Use of third-party tool from Qilin group is a first for DPRK cybercriminals, who usually employ own ransomware

Shreyas Reddy March 11, 2025

North Korean hackers turn to Russia-linked ransomware for new extortion campaign

An illustration of an attacker-controlled computer | Image: NK Pro

North Korean cybercriminals have started deploying malware developed by a Russia-linked group in their recent extortion campaigns, seemingly marking the first time they have turned to an operator that supplies such tools to third parties.

Microsoft Threat Intelligence reported on social media on Friday that it has observed the North Korean group Moonstone Sleet using the Qilin malware, developed by a Russian-speaking group of the same name, since February.

“Moonstone Sleet has previously exclusively deployed their own custom ransomware in their attacks, and this represents the first instance they are deploying ransomware developed by a

01A decade in making, North Korea’s first nuclear-powered submarine breaks cover
02What to know about the North Korean towns chosen for 2025 development push
03After $1.5B Bybit heist, North Korean hackers race to cash out the spoils
04North Korea resumes huge China border bridge project in sign of trade boost plan
05What North and South Korea saw in the explosive Trump-Zelensky spat
06How the Trump administration’s cyber agenda could embolden North Korean hackers
07Exclusive: North Korea testing larger new recon drone, pushing deployment plan
08DPRK arms shipments to Russia slow in early 2025 but Feb. sees renewed activity
09Satellite images show demolition at North Korea’s military parade training base
10North Korean ICBM factory upgrade project slows, satellite imagery shows

North Korean hackers turn to Russia-linked ransomware for new extortion campaign

LATEST ANALYSIS

Similar Articles

About the Author

Shreyas Reddy