Summary: Microsoft reports that the North Korean hacking group Moonstone Sleet has recently begun using Qilin ransomware in its attacks, marking a shift from its previous use of custom ransomware. The group has been active since August 2022 and is known for targeting financial and cyberespionage sectors, employing various tactics to reach victims. Since late February 2025, this ransomware operation has grown and now claims over 310 victims, leading to significant disruptions, including incidents affecting NHS hospitals in London.
Affected: Microsoft, Various Organizations
Key points:
- Moonstone Sleet begins deploying Qilin ransomware, indicating a strategic shift in its operations.
- The group has targeted financial and cyberespionage sectors using a variety of malicious tools and tactics.
- Qilin ransomware has claimed over 310 victims and led to significant operational disruptions in various sectors, including healthcare.