Cyber Threat Report: 'Onyx Sleet uses array of malware to gather intelligence for North Korea'
Report Author | Microsoft Threat Intelligence |
---|---|
Publication Date | 2024-07-25 |
Original Reporting | Source |
Attributed to Nation | North Korea |
Related Intrusion Sets | Andariel, Onyx Sleet |
Identified CVEs | CVE-2021-44228, CVE-2023-27350, CVE-2023-42793 |
Victim Sectors | Energy, Defense |
Following an indictment by the US Department of Justice linked to the intrusion set Microsoft tracks as Onyx Sleet, this report includes details of Onyx Sleet activity observed by Microsoft researchers. Microsoft first observed Onyx Sleet activity in 2014 and has seen the group target victims globally for espionage/intelligence gathering. More recently, the report says, the group has pursued financial gain. The report outlines the extensive set of custom tools and malware used by the group and includes specific indicators of compromise (IoCs) and mitigation recommendations.