The North Korea-linked APT group Moonstone Sleet has utilized the Qilin ransomware in limited attacks since February 2025.
This marks the first time Moonstone Sleet has deployed ransomware developed by a Ransomware-as-a-Service (RaaS) operator.
Moonstone Sleet, previously known as Storm-1789, has employed various techniques, including trojanized software and custom ransomware, for financial gain and cyber espionage.
The Qilin ransomware group, active since at least 2022, gained attention in June 2024 for attacking a UK governmental service provider. The group uses double-extortion tactics.