Moonstone Sleet (aka Storm-1789) · APT Atlas
Moonstone Sleet · APT · KP · North Korea
AKA · Storm-1789
DPRK cluster engaged in IT-worker fraud and ransomware development.
Targets · 25
Sectors · 18
Threat types · 2
GIRs covered · 0/480
Active since · 2023
Victimology
Geographic footprint · 25 countries
origin · North Korea
targeted countries · 25
AMERICAS · 3
Argentina · Brazil · Canada
EUROPE · 14
Belgium · Germany · Denmark · Estonia · Spain · United Kingdom · Hungary · Italy · Netherlands · Poland · Russia · Sweden · Slovenia · Ukraine
ASIA · 6
Israel · India · Japan · South Korea · Türkiye · Vietnam
OCEANIA · 1
New Zealand
AFRICA · 1
South Africa
Sectors targeted · 18 of 40
Government · 83 actors
Defense · 60 actors
Aerospace · 49 actors
Financial Services · 61 actors
Cryptocurrency · 17 actors
Healthcare · 38 actors
Pharmaceutical · 24 actors
Telecom · 57 actors
Energy / Utilities · 49 actors
Education & Research · 50 actors
Manufacturing (man) · 40 actors
Media & Journalism · 41 actors
Transportation · 25 actors
Consulting / Professional Services · 26 actors
Industrials / Engineering · 23 actors
Consumer Goods / Electronics · 16 actors
Agriculture & Food · 15 actors
Maritime · 21 actors
Tactics, techniques, procedures
Threat types + MITRE ATT&CK mapping
THREAT TYPES
FIN · Financial Fraud
RAN · Ransomware
MITRE ATT&CK · 19 techniques
Reconnaissance · 3
T1589.002 · Email Addresses
T1591 · Gather Victim Org Information
T1598 · Phishing for Information
Resource Development · 2
T1583.003 · Virtual Private Server
T1587 · Develop Capabilities
Initial Access · 3
T1195.002 · Compromise Software Supply Chain
T1566.001 · Spearphishing Attachment
T1566.003 · Spearphishing via Service
Execution · 1
T1053.005 · Scheduled Task
Persistence · 1
T1547.001 · Registry Run Keys / Startup Folder
Credential Access · 1
T1003.001 · LSASS Memory
Discovery · 3
T1016 · System Network Configuration Discovery
T1033 · System Owner/User Discovery
T1217 · Browser Information Discovery
Impact · 1
T1486 · Data Encrypted for Impact
Command and Control · 2
T1071.001 · Web Protocols
T1105 · Ingress Tool Transfer
Stealth · 2
T1027 · Obfuscated Files or Information
T1140 · Deobfuscate/Decode Files or Information
GIR coverage
0 / 480 requirements satisfied
No GIRs mapped yet for this actor.
Related actors
By origin and actor type
APT2 · nation-state · China · 6 targets · since 2010
APT5 · nation-state · China · 15 targets · since 2007
APT8 · nation-state · China · 5 targets · since —
APT14 · nation-state · China · 15 targets · since —
APT17 · nation-state · China · 10 targets · since 2009
APT20 · nation-state · China · 14 targets · since 2011