Microsoft: 'Moonstone Sleet' APT Melds Espionage, Financial Goals

North Korea's newest threat actor uses every trick in the nation-state APT playbook, and most of cybercrime's tricks, too. It also developed a whole video game company to hide malware. [TechWeb]( Follow Dark Reading: [RSS]( May 30, 2024 LATEST SECURITY NEWS & COMMENTARY [Microsoft: 'Moonstone Sleet' APT Melds Espionage, Financial Goals]( North Korea's newest threat actor uses every trick in the nation-state APT playbook, and most of cybercrime's tricks, too. It also developed a whole video game company to hide malware. [Leak Site BreachForums Springs Back to Life Weeks After FBI Takedown]( It's unclear whether a dataset for sale on the site allegedly containing data from more than 500 million Ticketmaster users is real or just law enforcement bait. [Exploit for Fortinet Critical RCE Bug Allows SIEM Root Access]( Corporate admins should patch the max-severity CVE-2024-23108 immediately, which allows unauthenticated command injection. [Mastermind Behind Biden AI Deepfake Indicted for Robocall Scheme]( The political consultant who wrote the script and paid for the deepfake audio used in robocalls was fined $6 million by the FCC. [BlackSuit Claims Dozens of Victims With Carefully Curated Ransomware]( Researchers went in-depth on an attack by the threat group, which mainly targets US companies in the education and industrial goods sectors, specifically to maximize financial gain. [Why CVEs Are an Incentives Problem]( It's time to rethink the pivotal role incentives play in shaping behavior to find and disclose software vulnerabilities. More accurate guidance to reflect real-world risks and a tiered verification process to establish potential impact could slow misleading submissions. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [The SEC's New Take on Cybersecurity Risk Management]( Insights from three companies that recently reported breaches under the new disclosure regulations. [Attackers Target Check Point VPNs to Access Corporate Networks]( Using VPNs as an initial access vector is ironic, given that security is the very reason enterprises employ them in the first place. [CatDDOS Threat Groups Sharply Ramp Up DDoS Attacks]( In attacks over the past three months, threat actors have exploited more than 80 vulnerabilities to accelerate distribution of the Mirai variant. [90+ Malicious Apps Totaling 5.5M Downloads Lurk on Google Play]( The dangerous Anatsa banking Trojan is among the malware being spread to Android users via decoy mobile apps in recent months. [MORE]( PRODUCTS & RELEASES [Digital Twin Technology Can Improve Water Utility Management, Says Info-Tech Research Group]( [VicOne Partners With 42Crunch to Deliver Comprehensive Security Across SDV and Connected-Vehicle Ecosystem]( [NRECA Signs MOU With Electricity Information Sharing and Analysis Center]( [BforeAI Launches PreCrime™ Guarantee Program for Seamless Cyber Risk Coverage]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Attackers Target Check Point VPNs to Access Corporate Networks]( Using VPNs as an initial access vector is ironic, given that security is the very reason enterprises employ them in the first place. LATEST FROM THE EDGE [9 Tips to Avoid Burnout in Cybersecurity]( When security professionals are at the end of their rope — feeling both mentally and physically exhausted — it's often because of burnout. Here are ways to combat it. LATEST FROM DR TECHNOLOGY [Snowflake's Anvilogic Investment Signals Changes in SIEM Market]( Coming on the heels of Cisco buying Splunk, Palo Alto Networks acquiring IBM's QRadar, and LogRhythm merging with Exabeam, Snowflake's investment highlights the ongoing market pressure to improve SOC tools. LATEST FROM DR GLOBAL [Pakistani 'Transparent Tribe' APT Aims for Cross-Platform Impact]( Targeting India's government, defense, and aerospace sectors, the cyber-threat group now attacks Linux as well as Windows in its quest to compromise the Indian military's homegrown MayaOS Linux systems. WEBINARS - [Preventing Attackers From Wandering Through Your Enterprise Infrastructure]( - [Assessing Software Supply Chain Risk]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Generative AI Gifts]( - [SecOps Checklist]( - [Purple AI Datasheet]( - [Shining a light in the dark: observability and security, a SANS profile]( - [EMA: AI at your fingertips: How Elastic AI Assistant simplifies cybersecurity]( - [The Cloud Threat Landscape: Security learnings from analyzing 500+ cloud environments]( - [The Future of Cloud Security: Attack Paths & Graph-based Technology]( [View More White Papers >>]( FEATURED REPORTS - [Industrial Networks in the Age of Digitalization]( - [Zero-Trust Adoption Driven by Data Protection]( - [How Enterprises Assess Their Cyber-Risk]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=123751&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_05.30.24&sp_cid=53711&utm_content=DR_NL_Dark%20Reading%20Daily_05.30.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#5d If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)